08-15-2012 10:17 AM - edited 03-11-2019 04:42 PM
Hi All,
As the topic says: can the same-security-level command create identity NAT? I found identity NAT in the show xlate debug output, although there is no configuration related to identity NAT for those subnet IP addresses.
My brief configuration:
- same security level intra-interface is enabled
- xlate-bypass is enabled
- NAT exemption for some subnets
08-15-2012 03:02 PM
To my knowledge, the FWSM creates an xlate for all connections.
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/cfgnat_f.html
"Even if you do not configure NAT, the FWSM continues to create translation sessions for all traffic automatically. In this case, the translation is from the real address to the same real address. See the show xlate command to view translation sessions."
08-15-2012 06:15 PM
Hi rleivaoc,
It's true that the FWSM will create an xlate for all connections, but it wouldn't show up anymore if xlate-bypass is enabled. I mean traffic that passes through the FWSM, because the FWSM does NAT in hardware, not in software like the ASA.