Understand NAT and access rule in FWSM on 6500

First of all, thanks in advance.

We are making a new architecture with FWSM on 6500 and we have problems with the access through it.

I know the Cisco PIX, and work with it, and I don't know if this is true or I have a big mistake or it is different in FWSM, but it doesn't work properly:

I don't know if this is true or I have a big mistake, but it doesn't work properly.

INSIDE Level 100                          OUTSIDE Level 0
Host A ----------+--------------+---------- Host 1
                 |    FW PIX    |
Host B ----------+--------------+---------- Host 2

Two cases:

Host A to Host 1 ==> Only needs a NAT rule to connect to any in outside.

Host 2 to Host B ==> Needs an ACL rule from outside to inside, and a NAT rule to Host B from inside to outside

What is the problem?

If you need, I could paste a config...

Accepted Solutions

Re: Understand NAT and access rule in FWSM on 6500

The FWSM is slightly different than the standalone PIX. You need access-lists on all interfaces for traffic to be allowed, so unlike a standalone PIX, where traffic is allowed from the inside to the outside without an access-list, on the FWSM you need to have an access-list on the inside interface allowing the traffic, regardless of the security level.

Jon
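
The two cases from the question, written out as a configuration sketch that applies the accepted answer. This is an added example, not a config posted by anyone in the thread: the ACL names, addresses (RFC 1918 and documentation ranges) and the choice of TCP port 80 are all assumptions made for illustration.

```cisco
! Constructed example: every name and address below is a placeholder.
! Host A = 10.1.1.10, Host B = 10.1.1.20   (inside, security level 100)
! Host 2 = 198.51.100.2                    (outside, security level 0)

! ---- Case 1: Host A (inside) to hosts on the outside ----
! Dynamic PAT for the inside subnet.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 192.0.2.10

! On a standalone PIX the NAT rule alone lets this traffic out.
! On the FWSM the inside interface also needs an ACL that permits it.
! Permit only what is required instead of "permit ip any any".
access-list INSIDE_IN extended permit tcp host 10.1.1.10 any eq www
access-group INSIDE_IN in interface inside

! ---- Case 2: Host 2 (outside) to Host B (inside) ----
! Static translation so Host B is reachable at 192.0.2.20 from outside.
static (inside,outside) 192.0.2.20 10.1.1.20 netmask 255.255.255.255

! ACL on the outside interface, matching the translated address.
access-list OUTSIDE_IN extended permit tcp host 198.51.100.2 host 192.0.2.20 eq www
access-group OUTSIDE_IN in interface outside

! Host B's replies belong to the connection Host 2 opened, so they need
! no entry in INSIDE_IN. Connections that Host B itself initiates do.
```
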
