Problem - FWSM Rule

Guys,

I have a doubt.

I'm using FWSM and put the rule below:

access-list INTERNAL extended permit ip host 10.0.0.10 host 172.31.51.10

static (SERVER,INTERNAL) 172.31.51.10 172.31.51.10 netmask 255.255.255.255

I want the following:

Source: 10.0.0.10 --> Destination: 172.30.51.10 Port: ANY

The rule works perfectly, but, I don't know why, the server 172.31.51.10 can connect to 10.0.0.10. Why does this occur? I don't want this to occur.

Thank you!


2 Replies

Anand Kanani
Cisco Employee

What is the use of the identity NAT statement?

Also in order to deny the flows initiated from the reverse side, you can just create the reverse deny rule and apply on the other interface.
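The reverse deny rule the reply describes, written out as an added example rather than configuration from the thread. The ACL name SERVER_IN, the trailing permit for the server subnet and the `log` keyword are assumptions; the addresses are the ones from the question.

```cisco
! Added example (not from the thread): ACL applied inbound on the SERVER interface.
! The existing INTERNAL ACL still permits 10.0.0.10 -> 172.31.51.10, and the FWSM's
! stateful inspection still passes the replies to those connections; this ACL only
! governs connections the server itself initiates towards the INTERNAL side.
access-list SERVER_IN extended deny ip host 172.31.51.10 host 10.0.0.10 log
! Assumed placeholder for whatever else the server side is allowed to originate;
! narrow it to the real requirement rather than using "permit ip any any".
access-list SERVER_IN extended permit ip 172.31.51.0 255.255.255.0 any
! Bind the ACL to traffic entering the FWSM on the SERVER interface.
access-group SERVER_IN in interface SERVER
! After the server retries, confirm the deny entry's hit count is increasing:
! show access-list SERVER_IN
```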

Kanani,

I used NAT to permit the connection between the networks.

I understand that if I create a new rule to deny it, it will work, but imagine if this happens to all the rules.

In fact, I believe that should be occurring.

Is there any global setting so that the FWSM does not permit this rule to work in reverse?

Thank you!
