New Member

Problem - FWSM Rule

Guys,

I have a doubt.

I'm using FWSM and put the rule below:

access-list INTERNAL extended permit ip host 10.0.0.10  host 172.31.51.10

static (SERVER,INTERNAL) 172.31.51.10 172.31.51.10 netmask 255.255.255.255

I want the following:

Source:10.0.0.10 --> Destination: 172.30.51.10 Port: ANY

The rule works perfectly, but, I don't know why, the server 172.31.51.10 can connect to 10.0.0.10. Why does this occur? I don't want this to occur.

Thank you!


2 REPLIES
Cisco Employee

What is the use of the identity NAT statement?

Also, in order to deny the flows initiated from the reverse side, you can just create the reverse deny rule and apply it on the other interface.

New Member

Kanani,

I used NAT to permit the connection between the networks.

I understand that if I create a new rule to deny, it will work, but imagine if this happens to all the rules.

In fact I believe that should be occurring.

Is there any global setting so that FWSM does not permit this rule to work in reverse?

Thank you!
