[c-nsp] FWSM & same-security-traffic questions
matthew zeier
mrz at velvet.org
Wed Jul 12 22:37:09 EDT 2006
Deploying a new FWSM with one outside interface and 10 or so inside
interfaces. All are "inside" and separated as different purposed inside
networks but generally all the same security-wise (none is higher or lower
than the other in practical terms).
My requirements are that inter-interface traffic talk non-NAT'd and are
policed by ACLs (build can't talk to qa machines but can talk to the
interface with the cvs server, for example).
Is it best to use "same-security-interface permit inter-interface" ? What are
the drawbacks? Can I use ACLs?
Or is it better to use different security-level interfaces along with "nat
(qa) 0 ..." and access-lists applied to interfaces?
Thanks - mz.