Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM - multiple interface and NAT

Hello:

I am in the process of configuring FWSM and want to have 3 inside interfaces and one outside. The Securty level for these interfaces as follows:

Outside - 0

Inside_1 - 80

Inside_2 - 70

Inside_3 - 60

But I don't want to perform NAT on any of them. Is this posiible (or do I have to setup same security levels for these interfaces to perform no NAT)?

Thanks in advance.........

2 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: FWSM - multiple interface and NAT

Hey,

You don't have to use NAT if you don't want to and the security levels don't have to be the same to achieve this. You will need to use the NAT 0 command though for each and statics to allow communication from lower to higher security-level.

I hope that helps.

Anthony

Silver

Re: FWSM - multiple interface and NAT

With FWSM version 3.x or higher, the blade,

by default, will route traffics so you do

NOT have to do anything. You still need

ACL to go from low to high but NOT from high

to low.

If you still use fwsm version 2.x, you still

NEED to perform no NAT to go from high to

low

CCIE security

2 REPLIES
New Member

Re: FWSM - multiple interface and NAT

Hey,

You don't have to use NAT if you don't want to and the security levels don't have to be the same to achieve this. You will need to use the NAT 0 command though for each and statics to allow communication from lower to higher security-level.

I hope that helps.

Anthony

Silver

Re: FWSM - multiple interface and NAT

With FWSM version 3.x or higher, the blade,

by default, will route traffics so you do

NOT have to do anything. You still need

ACL to go from low to high but NOT from high

to low.

If you still use fwsm version 2.x, you still

NEED to perform no NAT to go from high to

low

CCIE security

106
Views
0
Helpful
2
Replies
CreatePlease login to create content