05-09-2007 02:01 PM - edited 03-11-2019 03:11 AM
hi all i am wondering how does the asa bridge between vlans in transparent mode.
i have r1 connected to asa inside interface and they are configured in vlan 10
i have r2 connected to asa outside and they are in vlan 20.
till now i have learned for traffic between different vlans needs a routing device in between to forward traffic between them.
here when r1 in vlan 10 is sending traffic destined to vlan 20 how does the asa forward it.
cause traffic has to be forwarded within the same vlan. say for arp. r1 is doing an arp query for r1 which is in different vlan then how does this work.
can someone pls help me out in understanding this.
regards
sebastan
05-09-2007 10:56 PM
Hi Sebastan
the key thing to bear in mind is that even though you have 2 vlans you only use 1 ip subnet.
As you say in normal circumstances if you have 2 vlans you generally have 2 subnets one per vlan. And then yes the firewall would have to act as router between the 2 subnets. But in transparent mode you still have 2 vlans but you have the same IP subnet across both vlans. And the ASA bridges across the 2 vlans.
Hope this makes sense. Please come back with any other questions.
Jon
05-10-2007 04:21 AM
hi jon thanks for ur reply.
i got it and i know this works.
but can u pls tell me any one reason or benefit of me configuring vlans in transparent mode.
waiting for ur reply.
thanks once again.
regards
sebastan
05-10-2007 04:43 AM
Hi Sebastan
Transparent firewalls are useful for a number of things.
Firstly they require no ip address changes to any of your devices as they work at layer 2.
Secondly because they work at layer 2 they are in effect invisible as they are not acting as a layer 3 endpoint.
In addition they can allow a router on one side of the firewall to peer with a firewall on the other side of the firewall via EIGRP/OSPF etc. This can be quite useful in some designs.
HTH
Jon
05-10-2007 07:38 AM
hi jon i guess u didn't get my question right. i know all the benefits of asa in transparent mode.
i was asking what is the need for configuring vlans when asa in transparent mode .
can u pls reply to that.
waiting for ur reply.
regards
sebastan
05-10-2007 10:38 AM
Hi Sebastan
Apologies for misreading the question. Still not 100% sure what you are asking but let's see if this gets any closer.
When a device, be it a load-balancer such as the CSM or an ASA acts in bridge mode you have to have separate vlans on either interface otherwise you are in danger of creating a layer 2 loop in the switched network. If you bridge across the same vlan then you will in effect create a loop so you use 2 vlans but the same IP subnet across both vlans.
Hope this has answered your question.
Jon
05-11-2007 02:45 AM
thanks jon.
regards
sebastan
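The loop risk Jon describes can be seen in a small model of broadcast flooding. This is an added example, not part of the original thread; the port names, the single switch carrying both VLANs, and the assumption that the firewall policy permits the frame are all constructed for illustration.

```python
from collections import deque

# Transparent firewall modelled as a two-port bridge: a frame received on one
# port leaves on the other. Assumption: the firewall policy permits the frame.
FW_BRIDGE = {"fw_inside": "fw_outside", "fw_outside": "fw_inside"}


def flood(ports, src, limit=50):
    """Flood one broadcast (e.g. an ARP request) entering the switch on `src`.

    `ports` maps switch port name -> access VLAN.
    Returns (hosts that received the frame, True if it is still circulating).
    """
    delivered = set()
    pending = deque([src])      # switch ingress ports holding a copy to flood
    copies = 0
    while pending:
        copies += 1
        if copies > limit:      # copies keep re-entering the switch: L2 loop
            return delivered, True
        ingress = pending.popleft()
        for port, vlan in ports.items():
            # A switch floods only within the ingress VLAN, never back out
            # of the port the frame arrived on.
            if port == ingress or vlan != ports[ingress]:
                continue
            if port in FW_BRIDGE:
                # The firewall bridges the frame to its other interface,
                # which hands it back to the switch on that port's VLAN.
                pending.append(FW_BRIDGE[port])
            else:
                delivered.add(port)
    return delivered, False


# Constructed topologies: same IP subnet in both, only the VLAN layout differs.
TWO_VLANS = {"r1": 10, "fw_inside": 10, "fw_outside": 20, "r2": 20}
ONE_VLAN = {"r1": 10, "fw_inside": 10, "fw_outside": 10, "r2": 10}

if __name__ == "__main__":
    print("two VLANs:", flood(TWO_VLANS, "r1"))
    print("one VLAN: ", flood(ONE_VLAN, "r1"))
```

With two VLANs the ARP request from r1 reaches r2 once, only through the firewall. With both firewall interfaces in one VLAN the switch already floods the frame to r2 directly and the firewall keeps re-injecting copies.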