Community Member

FWSM: Not initiating Inbound (equal security - not NATting)

I'm testing equal security (80, 80) on the internet-facing and intranet-facing interfaces.

I can originate traffic on the intranet side and receive the return traffic from the internet side.

However, I'm not able to receive traffic when it is originated on the internet side.

May I have some advice on this please?

Info:

-----

FWSM Firewall Version 2.3(4)

FWSM Device Manager Version 4.1(3)

Config Abstracts:

----------------

FWSM#
!
!
nameif vlan2047 mgmt security90
nameif vlan4094 outbound security80 !!----------facing internet
nameif vlan4047 inbound security80 !!----------facing intranet
!
ip address mgmt 10.220.251.4 255.255.255.0
ip address outbound 10.192.3.50 255.255.255.240
ip address inbound 172.16.1.10 255.255.255.252
!
!
ftp mode passive
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rsh 514
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
!
!

2 REPLIES
Community Member

Re: FWSM: Not initiating Inbound (equal security - not NATting)

I forgot, but there is a command to permit traffic between same security levels. Can you try that? same-security-traffic permit inter-interface. You may also try nat-control. Also, you need to permit on the inside interface (FWSM is different from PIX).

Satya

Community Member

Re: FWSM: Not initiating Inbound (equal security - not NATting)

"same-security-traffic permit inter-interface"

The above command is already in place (I should have included this before). I need to look into nat-control to see how this will fit in a situation without a NAT requirement.

I also want to know if the choice of context and system may make the difference for same-security-level. Please also view the output regarding context (shows context as System) and.

FWSM# show resource usage
Resource       Current   Peak    Limit      Denied   Context
SSH            1         2       5          0        System
Conns          3151      83760   unlimited  0        System
Xlates         7415      26399   unlimited  0        System
Hosts          7415      26399   unlimited  0        System
Conns [rate]   186       9114    unlimited  0        System
Fixups [rate]  40        8840    unlimited  0        System
BS-6506-FWSM#
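The pieces Satya's reply names (same-security-traffic, a way around NAT control, and an access list on the entering interface) put together, as an added configuration example that is not from the original thread. Interface names, security levels and the FWSM's own addresses come from the posted config; everything else is assumed: an intranet web server 172.16.10.20 on a subnet reached via a router at 172.16.1.9, an internet gateway at 10.192.3.49, the client range 10.192.3.32/28, and the access-list names. Instead of the nat-control command it uses NAT exemption (nat 0 with an access list), the PIX 6.x-style form that lets traffic pass untranslated in either direction while NAT control is in effect; whether the original poster's 2.3(4) image prefers one form over the other is not something this thread establishes.

```text
! --- Added example; not from the original thread. Assumed values are marked. ---
!
! Equal security levels on the two data interfaces (from the posted config)
nameif vlan4094 outbound security80
nameif vlan4047 inbound security80
!
! Allow connections to cross between interfaces at the same security level
same-security-traffic permit inter-interface
!
! Routing (assumed next hops: .49 on the internet side, .9 on the intranet /30)
route outbound 0.0.0.0 0.0.0.0 10.192.3.49
route inbound 172.16.10.0 255.255.255.0 172.16.1.9
!
! NAT exemption: host pairs matched by NONAT are never translated, and the
! exemption is bidirectional, so the internet side can open connections to
! 172.16.10.0/24 without a static entry. Without this, NAT control drops
! internet-initiated connections because no translation exists for the
! internal host, while intranet-initiated connections still work.
! (172.16.10.0/24 and 10.192.3.32/28 are assumed.)
access-list NONAT permit ip 172.16.10.0 255.255.255.0 10.192.3.32 255.255.255.240
nat (inbound) 0 access-list NONAT
!
! FWSM applies an access list on every interface, including the one facing
! the intranet, regardless of security level. Permit each flow on the
! interface where it enters the FWSM. (Server 172.16.10.20 is assumed.)
access-list OUTBOUND_IN permit tcp 10.192.3.32 255.255.255.240 host 172.16.10.20 eq 80
access-group OUTBOUND_IN in interface outbound
!
access-list INBOUND_IN permit tcp host 172.16.10.20 10.192.3.32 255.255.255.240 eq 80
access-group INBOUND_IN in interface inbound
```

To check which piece is missing, open a connection from the internet side and compare counters: show access-list shows per-entry hit counts (a zero count on OUTBOUND_IN means the packet never matched, or arrived on another interface), show conn shows whether the connection was built, and show xlate shows whether the FWSM is still trying to translate the internal host instead of passing it through.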
