
FWSM : Can same security level command create identity nat?

phatrachit
Level 1

Hi All,

As the topic says: can the same-security-level command create identity NAT? I found identity NAT in the output of the show xlate debug command, although there is no configuration related to identity NAT for those subnet IP addresses.

My brief configuration

- same security level intra-interface is enabled

- xlate-bypass is enabled

- NAT exemption for some subnets


rleivaoc
Cisco Employee

To my knowledge the FWSM creates an xlate for all connections.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/cfgnat_f.html

"Even if you do not configure NAT, the FWSM continues to create translation sessions for all traffic automatically. In this case, the translation is from the real address to the same real address. See the show xlate command to view translation sessions."

Hi rleivaoc,

It's true that the FWSM will create an xlate for all connections, but it wouldn't show up anymore if xlate-bypass is enabled. I mean traffic that passes through the FWSM, because the FWSM does NAT in hardware, not in software like the ASA.
