Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3870
Views
0
Helpful
2
Replies

asa transparent mode

asim.mz99
Level 1
Level 1

‎08-02-2008 11:23 AM - edited ‎03-11-2019 06:24 AM

1, Do asa support VPN in transparent mode.

2, What is the benefit of using transparent mode over routed mode.

Labels:
0 Helpful
2 Replies 2

dhananjoy chowdhury
Level 5
Level 5

‎08-02-2008 12:00 PM

1. The transparent firewall supports site-to-site VPN tunnels for management connections to the FW only. It does not terminate VPN connections for traffic through the security appliance. Check this link for all unsupported features in transparent mode :

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml#unsupp

2. Benefits of Transparent mode:

<>--- ---- <>

Suppose you have a NW setup like this wherein you want to filter traffic using a FW, but without changing any routing either on the LAN side or the router.

Then you just put in a FW in transparent mode to intercept/ control the traffic.

<>--- -------<>----<>

Again, there may be a case wherein there are servers and user systems in the same IP subnet,

now you want to have access control without changing anything on the servers or the users system

Then you put in a Transparent-FW and seggregate the LAN.

Benefits of Routed mode:

- supports features like NATting, VPN tunnels establishment, Dynamic routing , etc.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-02-2008 12:00 PM

Hello Asim

1) In transparent mode, VPNs are only supported for management purposes (as in terminated on the firewall itself)

2) With transparent mode:

> You can add the firewall without re-addressing your network (which can be a pain sometimes).

> In Multiple mode, ASA does not support dynamic routing, with transparent mode you can work around this and let the routing protocol traffic 'through' the ASA/PIX/FWSM.

> You can do some MAC/ARP spoofing controls which are not available in routed mode.

These are some of the benefits, rate if helpful.

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card