https://community.cisco.com/t5/network-security/fwsm-can-same-security-level-command-create-identity-nat/m-p/1999205#M439226 <P>Hi All,</P><P></P><P>As the topic : Can same security level command create identity nat? I found identity nat when show xlate debug command although no configuration related to identitiy nat for those subnet ip address.</P><P></P><P>My brief configuration</P><P></P><P>- same security level intra interface is enable</P><P>- xlate-baypass is enable</P><P>- NAT examption for some subnet </P> Mon, 11 Mar 2019 23:42:43 GMT phatrachit 2019-03-11T23:42:43Z https://community.cisco.com/t5/network-security/fwsm-can-same-security-level-command-create-identity-nat/m-p/1999205#M439226 <P>Hi All,</P><P></P><P>As the topic : Can same security level command create identity nat? I found identity nat when show xlate debug command although no configuration related to identitiy nat for those subnet ip address.</P><P></P><P>My brief configuration</P><P></P><P>- same security level intra interface is enable</P><P>- xlate-baypass is enable</P><P>- NAT examption for some subnet </P> Mon, 11 Mar 2019 23:42:43 GMT https://community.cisco.com/t5/network-security/fwsm-can-same-security-level-command-create-identity-nat/m-p/1999205#M439226 phatrachit 2019-03-11T23:42:43Z https://community.cisco.com/t5/network-security/fwsm-can-same-security-level-command-create-identity-nat/m-p/1999206#M439227 <HTML><HEAD></HEAD><BODY><P>To my knowlege the FWSM creates a xlate for all connections.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/cfgnat_f.html">http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/cfgnat_f.html</A></P><P></P><P><IMG border="0" height="2" src="http://www.cisco.com/en/US/i/templates/blank.gif" style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; text-indent: -28.799999237060547px; background-color: #ffffff;" width="1" /></P><P>"Even if you do not configure NAT, the FWSM continues to create translation sessions for all traffic automatically. In this case, the translation is from the real address to the same real address. See the </P><P> <STRONG style="color: #000000; font-family: Arial, Helvetica, sans-serif; font-size: 12px; text-indent: -28.799999237060547px; background-color: #ffffff;">show xlate </STRONG>command to view translation sessions."</P></BODY></HTML> Wed, 15 Aug 2012 22:02:13 GMT https://community.cisco.com/t5/network-security/fwsm-can-same-security-level-command-create-identity-nat/m-p/1999206#M439227 rleivaoc 2012-08-15T22:02:13Z https://community.cisco.com/t5/network-security/fwsm-can-same-security-level-command-create-identity-nat/m-p/1999207#M439228 <HTML><HEAD></HEAD><BODY><P>Hi rleivaoc,</P><P></P><P>It's true that FWSM will create a xlate for all connections but it wouldn't show up anymore if xlate-bypass enabled. I mean traffic that pass through FWSM because FWSM NAT on Hardware not Software like ASA.</P></BODY></HTML> Thu, 16 Aug 2012 01:15:46 GMT https://community.cisco.com/t5/network-security/fwsm-can-same-security-level-command-create-identity-nat/m-p/1999207#M439228 phatrachit 2012-08-16T01:15:46Z