09-04-2008 03:52 AM - edited 03-11-2019 06:39 AM
First of all, thanks in advance.
We are making a new architecture with FWSM on a 6500 and we have problems with access through it.
I know the Cisco PIX, and work with it, and I don't know if this is true or if I have made a big mistake or if it is different in FWSM, but it doesn't work properly:
INSIDE Level 100 OUTSIDE Level 0
Host A -------------------------------------------------------- Host 1
/ /
/ /
/ /
/ FW PIX /
/ /
/ /
Host B -------------------------------------------------------- Host 2
Two cases:
Host A to Host 1 ==> Only need a NAT rule to connect to any on the outside.
Host 2 to Host B ==> Need an ACL rule from outside to inside, and a NAT rule to Host B from inside to outside.
What is the problem?
If you need, I could paste a config...
09-04-2008 06:05 AM
The FWSM is slightly different than the standalone PIX. You need access-lists on all interfaces for traffic to be allowed, so unlike a standalone PIX, where traffic is allowed from the inside to the outside without an access-list, on the FWSM you need to have an access-list on the inside interface allowing the traffic, regardless of the security level.
Jon
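The two cases from the question, written out as an FWSM configuration sketch that follows the accepted answer. This is an added example, not a config posted by anyone in the thread; the ACL names (INSIDE_IN, OUTSIDE_IN), the interface names and all addresses are constructed placeholders.

```cisco
! Constructed addressing (placeholders, not from the thread):
!   inside  network : 10.1.1.0/24    Host A = 10.1.1.10, Host B = 10.1.1.20
!   outside network : 192.0.2.0/24   Host 2 = 192.0.2.50
!   Host B is published on the outside as 192.0.2.20

! --- Case 1: Host A (inside) -> Host 1 (outside) ---
! NAT rule, as on a standalone PIX.
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 192.0.2.100-192.0.2.110 netmask 255.255.255.0

! The piece a PIX-only config leaves out: on the FWSM the inside
! interface also needs an ACL permitting the outbound traffic,
! regardless of its security level of 100.
! Scope the permit to the sources and services actually required
! instead of a blanket "permit ip any any".
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 any eq https
access-group INSIDE_IN in interface inside

! --- Case 2: Host 2 (outside) -> Host B (inside) ---
! Static translation for Host B plus an ACL on the outside interface.
static (inside,outside) 192.0.2.20 10.1.1.20 netmask 255.255.255.255
access-list OUTSIDE_IN extended permit tcp host 192.0.2.50 host 192.0.2.20 eq www
access-group OUTSIDE_IN in interface outside

! Verification: the hit counters on both ACLs should increment
! when test traffic is sent.
! show access-list INSIDE_IN
! show access-list OUTSIDE_IN
```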