transparent and routed mode diff. security wise

Unanswered Question
Jul 3rd, 2007

What is the difference between transparent mode and routed mode on Cisco ASA in terms of security?


a.shaukat Mon, 07/09/2007 - 03:13

To summarize it in short.

In routed mode you have more command over your network in terms of security: you can define multiple DMZs and enable static or dynamic routing or NATting. You can also configure VPN clients on separate DMZs with different security levels for inside and outside and VPN etc.

In a practical environment we hardly use the ASA in transparent mode, since it does not provide security at an enterprise level. At least I've not seen one yet. It does not allow routing. It does not do NAT or PAT. It cannot forward CDP information if you manage your devices from CNA or any other Cisco discovery ..

:-) hope that helps..

plz do rate..

Jon Marshall Tue, 07/10/2007 - 22:59


Just to put another side of the discussion. Transparent mode can be very useful if

1) You need to pass non-IP protocols through your firewall, such as IPX, AppleTalk etc.

2) You would like 2 routers on either side of your firewall to establish adjacencies.

3) To insert very quickly into an existing network setup - requires no IP addressing changes anywhere.

4) If you are using the Route Health Injection feature on your CSM-S modules, which again needs layer 2 adjacency with a router.

It's really dependent on your needs. Certainly I wouldn't use the FWSM in transparent mode as the Internet front door, but a lot of people use the FWSM in their data centres as we do, and although I agree that routed mode is probably deployed more commonly, you shouldn't rule out transparent for certain situations.



