ASA transparent mode

Unanswered Question
Aug 2nd, 2008

1. Does ASA support VPN in transparent mode?

2. What is the benefit of using transparent mode over routed mode?

dhananjoy chowdhury Sat, 08/02/2008 - 12:00

1. The transparent firewall supports site-to-site VPN tunnels for management connections to the FW only. It does not terminate VPN connections for traffic through the security appliance. Check this link for all unsupported features in transparent mode:

2. Benefits of Transparent mode:

<>--- ---- <>

Suppose you have a NW setup like this wherein you want to filter traffic using a FW, but without changing any routing either on the LAN side or the router.

Then you just put in a FW in transparent mode to intercept/control the traffic.

<>--- -------<>----<>

Again, there may be a case wherein there are servers and user systems in the same IP subnet, and now you want to have access control without changing anything on the servers or the users' systems.

Then you put in a Transparent-FW and segregate the LAN.

Benefits of Routed mode:

- supports features like NATting, VPN tunnel establishment, dynamic routing, etc.

Farrukh Haroon Sat, 08/02/2008 - 12:00

Hello Asim

1) In transparent mode, VPNs are only supported for management purposes (as in terminated on the firewall itself).

2) With transparent mode:

> You can add the firewall without re-addressing your network (which can be a pain sometimes).

> In Multiple mode, ASA does not support dynamic routing; with transparent mode you can work around this and let the routing protocol traffic 'through' the ASA/PIX/FWSM.

> You can do some MAC/ARP spoofing controls which are not available in routed mode.

These are some of the benefits, rate if helpful.



