Hello all, I have a question about NAT on a FWSM. I don't believe it would be any different on a normal PIX appliance though.
The question is, do I need to implement some sort of NAT (whether static or dynamic) to allow traffic between interfaces?
For instance, I have a firewall with several different interfaces. They all have different network addresses, using internal (RFC 1918?) addresses. I have no need to translate their source or destination IPs. I simply want to restrict specific hosts and ports using ACLs.
In this scenario, if I want to have traffic initiate from my less secure interface to my more secure, do I NEED to have a static translation set up? Or can I just make sure the ACL allows it in?
Hopefully that question makes sense.
As a follow-up question, I am having a hard time understanding the use of static translations with the SAME IPs. For example:
static (inside,outside) 10.0.0.0 10.0.0.0 netmask 255.255.255.0
Basically there is no translation being done at all. So is this statement even needed? I see it in many configs.
Thanks for the help!
- Dave