Transparent mode setup

ddurocher99
Level 1

I am in the process of setting up a PIX 515e box in transparent mode. I have done all the basic configurations (set my inside and outside interfaces/enabled them, set the management interface, etc). I can ping from the device to both inside and outside hosts and I can manage the device from either inside or outside. My problem is that I cannot communicate between inside and outside hosts. The PIX does not seem to be passing traffic.

Am I missing something in the basic configuration?

Version is 7.2(2)

Thanks for any help!


hoogen_82
Level 4

Have a look at this page for a training module for setting up a firewall in transparent mode.

http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

You could also post your configuration; we could probably look into it.

-Hoogen

Do rate helpful posts :)

I went through that as part of my troubleshooting; in fact, I used the info from that training module to configure the PIX box. Am I wrong in assuming that the basic config as outlined in the training module should get the box up and running and passing traffic from inside to outside hosts?

Here is the config. I've blocked out IPs and the hostname; it should be a default config except for the admin accesses that have been set up.

: Saved
:
PIX Version 7.2(2)
!
firewall transparent
hostname myfirewall
domain-name default.domain.invalid
enable password xxx
names
!
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 nameif inside
 security-level 100
!
passwd xxx
boot system flash:/pix722.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid
pager lines 24
logging enable
logging trap debugging
logging asdm debugging
logging host outside x.x.x.x
mtu outside 1500
mtu inside 1500
ip address x.x.x.x 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-522.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username yyy password Z13OuyLCHVQtHpU9 encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http x.x.x.x 255.255.255.255 outside
http x.x.x.x 255.255.255.255 inside
http x.x.x.x 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh x.x.x.x 255.255.255.255 outside
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx
: end
