Understand NAT and access rule in FWSM on 6500

acotelcom
Level 1

First of all, thanks in advance.

We are building a new architecture with an FWSM on a 6500 and we have problems with access through it.

I know the Cisco PIX and work with it, and I don't know if this is true, or I have made a big mistake, or it is different in the FWSM, but it doesn't work properly:

I don't know if this is true or I have made a big mistake, but it doesn't work properly.

INSIDE  (security level 100)                 OUTSIDE  (security level 0)

Host A ------------------+               +------------------ Host 1
                         |    FW PIX     |
Host B ------------------+               +------------------ Host 2

Two cases:

Host A to Host 1 ==> Only needs a NAT rule to connect to anything on the outside.

Host 2 to Host B ==> Needs an ACL rule from outside to inside, and a NAT rule for Host B from inside to outside.

What is the problem?

If you need it, I could paste a config...

Accepted Solution

Jon Marshall
Hall of Fame

The FWSM is slightly different from the standalone PIX. You need access-lists on all interfaces for traffic to be allowed. So, unlike a standalone PIX, where traffic is allowed from the inside to the outside without an access-list, on the FWSM you need to have an access-list on the inside interface allowing the traffic, regardless of the security level.

Jon
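A configuration sketch of the two cases in the question, added here as an illustration and not taken from the thread. Interface names, addresses and ports are constructed (RFC 5737 documentation ranges), and the syntax follows FWSM 3.x; the point it shows is the inside-interface ACL that the FWSM requires even at security level 100.

```cisco
! Interfaces and security levels (constructed example addresses)
interface Vlan10
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
interface Vlan20
 nameif outside
 security-level 0
 ip address 198.51.100.1 255.255.255.0

! Case 1: Host A (10.1.1.10, inside) to Host 1 (203.0.113.10, outside)
! Dynamic NAT/PAT lets inside hosts reach the outside through the outside address...
nat (inside) 1 10.1.1.0 255.255.255.0
global (outside) 1 interface

! ...but on the FWSM the inside interface ALSO needs an inbound ACL.
! A standalone PIX would pass this flow on security level alone; the FWSM
! drops it until the ACL below is bound. The ACL sees the real (pre-NAT) source.
access-list INSIDE_IN extended permit tcp host 10.1.1.10 host 203.0.113.10 eq 443
access-group INSIDE_IN in interface inside

! Case 2: Host 2 (203.0.113.20, outside) to Host B (10.1.1.20, inside)
! Static translation exposes Host B on the outside as 198.51.100.20
static (inside,outside) 198.51.100.20 10.1.1.20 netmask 255.255.255.255

! Outside-to-inside traffic needs an ACL on the outside interface, as on the PIX.
! Match the translated (global) address 198.51.100.20, not the real 10.1.1.20.
! Return traffic for this connection is allowed by the state table; the inside
! ACL does not need an entry for it.
access-list OUTSIDE_IN extended permit tcp host 203.0.113.20 host 198.51.100.20 eq 22
access-group OUTSIDE_IN in interface outside
```

Keep the inside ACL as tight as the outside one: because the FWSM enforces it regardless of security level, an overly broad inside entry quietly becomes the only control on what internal hosts may reach.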
