09-27-2013 07:27 AM - edited 03-11-2019 07:44 PM
Guys,
I have a doubt.
I'm using FWSM and put the rule below:
access-list INTERNAL extended permit ip host 10.0.0.10 host 172.31.51.10
static (SERVER,INTERNAL) 172.31.51.10 172.31.51.10 netmask 255.255.255.255
I want the following:
Source:10.0.0.10 --> Destination: 172.30.51.10 Port: ANY
The rule works perfectly, but, I don't know why, the server 172.31.51.10 can connect to 10.0.0.10. Why does this occur? I don't want this to occur.
Thank you!
09-27-2013 08:31 AM
What is the use of the identity NAT statement?
Also, in order to deny the flows initiated from the reverse side, you can just create the reverse deny rule and apply it on the other interface.
09-27-2013 08:56 AM
Kanani,
I used NAT to permit the connection between the networks.
I understand that creating a new deny rule will work, but imagine if this happens to all the rules.
In fact I believe that should be occurring.
Is there any global setting so that FWSM does not permit this rule to work in reverse?
Thank you!