I have a badly designed application (which can't be changed) which broadcasts SNMP trap packets from the client device to try to find the application server. This works fine on my current network, where I have (DMZ with clients) Cat6500 MSFC - Checkpoint Firewall - Cat6500 MSFC (Internal with App Server) and where I use IP helpers to forward the SNMP UDP packets. However, we are redesigning the network, so instead of the above (expensive) topology we will simply have (DMZ) FWSM (Internal) MSFC (so all on a single 6500). So I need to forward 162/udp broadcast 255.255.255.255 through the FWSM to the Internal network.
The only way I can think of is doing the following, but I am unsure if it will work:
access-list dmz_access_in permit udp host DMZ_HOST host 255.255.255.255
static (inside,dmz) 255.255.255.255 192.x.x.10 netmask 255.255.255.255
So the client sends a broadcast to 255.255.255.255; the FWSM, which is the client's gateway, permits the traffic and NATs the destination from 255.255.255.255 to the actual IP address of the server. Would this work, or is there a better way of forwarding UDP broadcasts through an FWSM?
Note: I don't have the FWSM to try the above configuration, hence why I'm asking before I procure it.
CCSP - CCNA - DCASI