ASA 5505 Transparent Firewall Configuration How To

Unanswered Question
Sep 12th, 2007

Hi Guys!

I am stuck. I want to configure an ASA 5505 in transparent mode (7.x). Somehow I got it to work, but I need some kind of step-by-step description. I just want to connect it with outside on a route .. inside in my LAN. It's working now with one ASA; I have no idea why. But in the web interface the interfaces inside and outside are down, but it's working.

So what's the correct way of configuring (from scratch)?

THANKS

marco

rajbhatt Thu, 09/13/2007 - 01:16

Hi,

Here is a lab config :

router
172.150.150.1
    |
    |
PIX <---- 172.150.150.2
    |
    |
172.150.150.3
inside router

pixfirewall(config)# sh run
: Saved
:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 nameif inside
 security-level 100
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
!
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
ftp mode passive
access-list outside_in extended permit icmp any any
access-list outside_in extended permit tcp any host 172.150.150.3 eq telnet
no pager
logging console debugging
ip address 172.150.150.2 255.255.255.0
no failover
monitor-interface outside
monitor-interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 172.150.150.1 1

kmmehlkmmehl Fri, 09/14/2007 - 23:20

hi

thanks

What about the VLANs? I tried this, but then it says I need to have VLANs configured... I can't see that in your config! (inside / outside)

a.alekseev Sat, 09/15/2007 - 02:50

firewall transparent
!
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Ethernet0/0
 switchport access vlan 2
 no sh
!
interface Ethernet0/1
 no sh
!
interface Ethernet0/2
 no sh
!
interface Ethernet0/3
 no sh
!
interface Ethernet0/4
 no sh
!
interface Ethernet0/5
 no sh
!
interface Ethernet0/6
 no sh
!
interface Ethernet0/7
 no sh
!
! you can permit whatever you want
access-list OUTSIDE-IN permit ip any any
access-group OUTSIDE-IN in int outside

E0/0 - connected to the router

E0/1-7 - connected to your LAN
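
Added example, not part of the original thread or any poster's reply: a small Python review check for transparent-mode configs of the kind posted above. It looks for the mode command, the two named interfaces, a management ip address, and any "permit <protocol> any any" entry bound inbound on the outside interface. The sample config and the audit function name are constructed for this illustration.

```python
import re

# Constructed sample following the ASA 5505 layout posted in this thread
# (not captured from a device).
SAMPLE = """\
firewall transparent
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Ethernet0/0
 switchport access vlan 2
access-list OUTSIDE-IN permit ip any any
access-group OUTSIDE-IN in int outside
"""

def audit(config):
    """Return review findings for a transparent-mode PIX/ASA 7.x config."""
    lines = [l.strip() for l in config.splitlines()]
    lines = [l for l in lines if l and not l.startswith(("!", ":"))]
    findings = []
    if "firewall transparent" not in lines:
        findings.append("firewall transparent is not set")
    named = [l.split()[1] for l in lines if l.startswith("nameif ")]
    if len(named) != 2:
        findings.append("expected 2 named interfaces, found %d" % len(named))
    # Transparent mode uses a single global address for management,
    # so any 'ip address <a.b.c.d> <mask>' line is taken to be that address.
    if not any(re.match(r"ip address \d", l) for l in lines):
        findings.append("no management ip address")
    # ACL name -> interface, for ACLs bound inbound with access-group.
    bound = {}
    for l in lines:
        m = re.match(r"access-group (\S+) in int\S* (\S+)$", l)
        if m:
            bound[m.group(1)] = m.group(2)
    for l in lines:
        m = re.match(r"access-list (\S+) (?:extended )?permit (\S+) any any", l)
        if m and bound.get(m.group(1)) == "outside":
            findings.append("%s permits %s any any inbound on outside"
                            % (m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```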

jayakireetikesani Tue, 11/06/2012 - 14:15

Hi, I need help in configuring a transparent firewall in my network.

Setup:

Router
    |
ASA
    |
Switch

My question is:

In my original setup I don't have any ASA. Now we would like to insert an ASA in the middle.

We have subinterfaces on the router for different VLANs. Now when I configure VLANs on the ASA for inside and outside and assign them to Ethernet interfaces, will the ASA allow traffic that is in different VLANs?

---------------------------------------

Should I assign the interface connected to the router as a trunk, or will this work?

My router has the below interfaces

EEIPL-RTR-1#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/0.242        10.28.242.1     YES NVRAM  up                    up
FastEthernet0/0.243        10.28.243.1     YES NVRAM  up                    up
FastEthernet0/0.244        10.28.244.1     YES NVRAM  up                    up
FastEthernet0/0.245        10.28.245.1     YES NVRAM  up                    up
FastEthernet0/0.246        10.28.246.1     YES NVRAM  up                    up

Will my basic ASA transparent firewall config allow the traffic?

ASA config:

interface vlan 1
 nameif inside
interface vlan 2
 nameif outside
interface eth0/0
 switchport access vlan 1
interface eth0/1
 switchport access vlan 2

------------------------------------------------

Please do reply ASAP.
