FWSM NAT misbehavior

ashishpanda
Level 1

Hi,

I have an FWSM 2.3.1 in routed mode running on a 6509 with the switch on IOS. I am routing between two networks through the FWSM as follows:

10.16.0.0/24-----(int2)FWSM(int1)-----192.168.130/24

I am doing NAT bypass to communicate between int1 and int2. The security level for int1 is higher than that of int2.

The related config for this is as follows:

ip address int2 10.10.255.2 255.255.255.252

static (int1,int2) 192.168.130.0 192.168.130.0 netmask 255.255.255.0

route int2 10.16.0.0 255.255.255.0 10.10.255.1

The configuration works fine, but suddenly the 10.16.0.0/24 subnet becomes unreachable from the FWSM and the 192.168.130/24 network.

When I check the xlates, I find:

Global 10.16.0.1 Local 10.16.0.1

Global 10.16.0.2 Local 10.16.0.2

Global 192.168.130.1 Local 192.168.130.1

The first two lines are not expected in normal scenarios, as I should only be getting the third line.

The network becomes reachable as soon as I clear the translations for the 10.16.0.0/24 network.

Any idea why this is happening?

Regards,

Ashish

1 Reply

smalkeric
Level 6

On the FWSM, you must specifically configure some interfaces to either use or to bypass NAT. For example, when hosts on a higher security interface (inside) access hosts on a lower security interface (outside), you must configure NAT on the inside hosts or specifically configure the inside hosts to bypass NAT.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010d2.html.
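As an added illustration, not part of the original thread and not text from Cisco's guide, here is how the two ways of bypassing NAT that the reply refers to look for the topology in the question. The interface names, addresses and route are taken from the post; the access-list name NONAT and the NAT-exemption variant (Option B) are my own choices for this example, not something the original poster showed.

```cisco
! Option A: identity static (the form used in the original post).
! Hosts on int1 (192.168.130.0/24, higher security) are translated to
! themselves when talking to int2, and are reachable from int2 under the
! same addresses.
static (int1,int2) 192.168.130.0 192.168.130.0 netmask 255.255.255.0

! Option B: NAT exemption (nat 0 with an access-list). Traffic from int1
! hosts to 10.16.0.0/24 that matches the ACL bypasses NAT entirely, and
! exemption also lets int2 hosts initiate connections to the exempted int1
! hosts (still subject to the access rules on int2).
! The ACL name NONAT is an assumption made for this example.
access-list NONAT permit ip 192.168.130.0 255.255.255.0 10.16.0.0 255.255.255.0
nat (int1) 0 access-list NONAT

! Route to the far subnet via the next hop on int2 (from the post).
route int2 10.16.0.0 255.255.255.0 10.10.255.1

! After changing static or nat statements, clear the existing translations
! so the new rules apply to already-translated hosts, then inspect the table.
clear xlate
show xlate
```

Use one of the two options, not both. After either change, `clear xlate` and then `show xlate` should leave only entries that a static or nat statement in the running configuration accounts for; an entry for an address that no NAT statement covers, like the 10.16.0.x translations in the question, is worth tracking back to whichever statement created it.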
