07-03-2007 06:55 AM - edited 03-09-2019 06:18 PM
what is the difference between transparent mode and routed mode on cisco asa in terms of security?
thanks.
07-03-2007 07:53 AM
Hi
I think the following link can answer your question:
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/fwmode.html
Regards
Rohit
07-09-2007 03:13 AM
To summarize it in short.
in a routed mode you have more command over your network in terms of security you can define multiple DMZs and enable static or dynamic routing or NATTING. also configure VPN clients on a seperate DMZs with different security levels for inside and outside and VPN etc.
in a practical environment we hardly use ASA in transparent mode..since it does not provide security at an enterprise level. atlease ive not seen one till yet. it does not allow routing. it does not do NAT or PAT. it cannot forward CDP information if you manage your devices from CNA or any other cisco discovery ..
:-) hope that helps..
plz do rate..
07-10-2007 08:06 PM
So any upside to transparent mode - lol
07-10-2007 10:59 PM
:-)
Just to put another side of the discussion. Transparent mode can be very useful if
1) you need to pass non IP protocols through your firewall such as IPX, Appletalk etc.
2) If you would like 2 routers on either side of your firewall to establish adjancies
3) To insert very quickly into an existing network setup - requires no IP addressing changes anywhere.
4) If you are using Route Health Injection feature on your CSM-S modules which again needs layer 2 adjacency with a router.
It's really dependant on your needs. Certainly i wouldn't use the FWSM in transparent mode as the Internet front door, but a lot of people use the FWSM in their data centres as we do and although i agree that routed mode is probably deployed more commonly you shouldn't rule out transparent for certain situations.
HTH
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: