Cisco Support Community
Community Member

FWSM : Can same security level command create identity nat?

Hi All,

As the topic says: can the same security level command create identity NAT? I found identity NAT entries in the output of the show xlate debug command, although there is no configuration related to identity NAT for those subnet IP addresses.

My brief configuration

- same security level intra interface is enabled

- xlate-bypass is enabled

- NAT exemption for some subnets

2 REPLIES
Cisco Employee

To my knowledge, the FWSM creates an xlate for all connections.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/cfgnat_f.html

"Even if you do not configure NAT, the FWSM continues to create translation sessions for all traffic automatically. In this case, the translation is from the real address to the same real address. See the show xlate command to view translation sessions."

Community Member

Hi rleivaoc,

It's true that the FWSM will create an xlate for all connections, but it wouldn't show up anymore if xlate-bypass is enabled. I mean traffic that passes through the FWSM, because FWSM NAT is done in hardware, not in software like on the ASA.
