Community Member

FWSM: Not initiating Inbound (equal security - not NATting)

I'm testing equal security (80, 80) on internet facing and intranet facing interfaces.

I can originate traffic on the intranet side and receive the return traffic from the internet side.

However, I'm not able to receive traffic when originated in the internet side.

May I have some advice on this please?



FWSM Firewall Version 2.3(4)

FWSM Device Manager Version 4.1(3)

Config Abstracts:





nameif vlan2047 mgmt security90
nameif vlan4094 outbound security80 !!----------facing internet
nameif vlan4047 inbound security80 !!----------facing intranet

ip address mgmt
ip address outbound
ip address inbound

ftp mode passive
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 H225 1720
fixup protocol h323 ras 1718-1719
fixup protocol rsh 514
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521



Community Member

Re: FWSM: Not initiating Inbound (equal security - not NATting)

I forgot, but there is a command to permit traffic between same security levels. Can you try that? same-security-traffic permit inter-interface. You may also try nat-control. Also, you need to permit on the inside interface (FWSM is different from PIX).
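The first and last checks suggested in the reply above can be run mechanically against a saved configuration. The script below is an added example, not part of the thread or any Cisco tool; the function name, the sample config, and the ACL name in it are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the FWSM 2.x syntax quoted in the thread; the ACL name
# and the access-group line are hypothetical, not from the poster's config.
SAMPLE_CONFIG = """\
nameif vlan2047 mgmt security90
nameif vlan4094 outbound security80
nameif vlan4047 inbound security80
same-security-traffic permit inter-interface
access-list FROM_INTRANET permit ip any any
access-group FROM_INTRANET in interface inbound
"""

NAMEIF = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)", re.M)
ACCESS_GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)", re.M)
SAME_SEC = re.compile(r"^same-security-traffic\s+permit\s+inter-interface\s*$", re.M)


def audit_equal_security(config):
    """Return a list of findings for interfaces that share a security level."""
    by_level = defaultdict(list)
    for _vlan, name, level in NAMEIF.findall(config):
        by_level[int(level)].append(name)
    # Map interface name -> ACL applied to traffic entering that interface.
    acl_bound = {ifname: acl for acl, ifname in ACCESS_GROUP.findall(config)}
    findings = []
    for level, names in sorted(by_level.items()):
        if len(names) < 2:
            continue  # no peer at this level, nothing to check
        if not SAME_SEC.search(config):
            findings.append(f"security{level}: {', '.join(names)} share a level "
                            "but same-security-traffic permit inter-interface is absent")
        for name in names:
            if name not in acl_bound:
                findings.append(f"{name}: no inbound access-group, so connections "
                                "arriving on this interface have no permit rule")
    return findings


if __name__ == "__main__":
    for finding in audit_equal_security(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

On the constructed sample it reports only the `outbound` interface, which is the direction that fails in the original question.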


Community Member

Re: FWSM: Not initiating Inbound (equal security - not NATting)

"same-security-traffic permit inter-interface"

The above command is already in place (I should have included this before). I need to look into nat-control to see how this will fit in a situation without a NATing requirement.

I also want to know if the choice of context and system may make the difference for same-security-level. Please also view the o/p regarding context (Shows context as system) and.

FWSM# show resource usage

Resource        Current  Peak   Limit      Denied  Context
SSH             1        2      5          0       System
Conns           3151     83760  unlimited  0       System
Xlates          7415     26399  unlimited  0       System
Hosts           7415     26399  unlimited  0       System
Conns [rate]    186      9114   unlimited  0       System
Fixups [rate]   40       8840   unlimited  0       System

