10-12-2008 01:29 AM - edited 02-21-2020 03:02 AM
Dear all,
I need to convert routed mode to transparent mode on my ASA 5510 with the built-in IPS.
Let me know which of the following features configured on my firewall will have issues if converted to transparent mode:
1. static routes
2. object groups
3. ACLs
4. URL filter (Websense)
5. IPS (I doubt this)
6. 3 data and 1 management interface
7. syslog
8. SNMP
I'm sure points 5 and 6 will have issues; need to confirm.
Need to confirm this by EOD (5 hours more).
Thanks in advance.
Shukla.
10-12-2008 03:14 AM
Transparent mode does not participate in routing protocols but can still pass routing protocol traffic through it. You can define static routes for the traffic originated by the ASA.

In transparent mode the devices behind and in front of the firewall will be in the same IP subnet, as the firewall will be an L2 device!!

ACLs can be configured normally.
Syslog as well.
Object groups as well.

Address translation is inherent when a firewall is configured for routed mode. Beginning with ASA 8.0, address translation can be used in transparent mode as well.

Does not participate in multicast. However, it allows passing the multicast traffic through it using the ACLs.
Does not support QoS.
Inspects Layer 2 and higher packet headers.

As long as you can use
policy-map global_policy
then you can integrate with IPS, if you mean the AIP-SSM module.

Transparent mode is also known as a Layer 2 firewall or a stealth firewall, because its interfaces have no IP addresses and cannot be detected or manipulated. Only a single management address can be configured on the firewall.

In transparent mode, a firewall can support only two interfaces: the inside and the outside. If your firewall supports more than two interfaces from a physical and licensing standpoint, you can assign the inside and outside to two interfaces arbitrarily. As soon as those interfaces are configured, the firewall does not permit a third interface to be configured.

Some platforms also support a dedicated management interface, which can be used for all firewall management traffic. However, the management interface cannot be involved in accepting or inspecting user traffic.

Configure a management address:
Firewall(config)# ip address ip_address subnet_mask

The firewall can support only a single IP address for management purposes. The address is not bound to an interface, as in routed mode. Rather, it is assigned to the firewall itself, accessible from either of the bridged interfaces.

The management address is used for all types of firewall management traffic, such as Telnet, SSH, HTTP, SNMP, Syslog, TFTP, FTP, and so on.

A transparent firewall can also support multiple security contexts. In that case, interface IP addresses must be configured from the respective context. The system execution space uses the admin context interfaces and IP addresses for its management traffic.

You do not have to configure a static route for the subnet directly connected to the firewall interfaces. However, you should define one static route as a default route toward the outside public network.

I hope I covered all your questions.
Good luck.
If helpful, rate.
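As an added worked example (not part of the original thread, and not Cisco's own documentation), the following puts the points from the answer above into one ASA 8.0-era transparent-mode configuration: the two bridged interfaces with no IP addresses, the single global management address, the one default route for ASA-originated traffic, normal object groups and ACLs (including an explicit permit for OSPF multicast and an EtherType ACL for BPDUs, since the ASA neither routes nor participates in multicast), syslog and SNMP sourced from the management address, and the AIP-SSM hooked into the global policy-map. All interface names, addresses, object names and the SNMP community string are assumptions; the dedicated Management0/0 interface and the Websense URL filter are not shown.

```cisco
! Added example (not from the original thread). Interface names, IP addresses,
! ACL/object names and the SNMP community are assumptions for illustration.
! NOTE: "firewall transparent" clears the running configuration when you
! switch modes, so save a copy of the routed-mode config first.

firewall transparent

! Exactly two bridged data interfaces. They get a nameif and security-level
! but no IP address; the ASA behaves as a Layer 2 device between them.
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown

! Single management address, assigned to the firewall itself rather than to
! an interface. Hosts on both sides share this subnet.
ip address 192.168.10.2 255.255.255.0

! The only static route normally needed: a default route toward the outside
! for traffic the ASA originates (syslog, SNMP traps, Websense lookups).
! The gateway must sit in the management subnet.
route outside 0.0.0.0 0.0.0.0 192.168.10.1

! Object groups and ACLs are configured exactly as in routed mode.
object-group network DMZ_SERVERS
 network-object host 192.168.10.50
 network-object host 192.168.10.51

! The ASA does not run routing protocols or multicast, but the routers on
! either side can still peer through it if the traffic is permitted.
access-list OUTSIDE_IN extended permit ospf any host 224.0.0.5
access-list OUTSIDE_IN extended permit ospf any host 224.0.0.6
access-list OUTSIDE_IN extended permit tcp any object-group DMZ_SERVERS eq www
access-group OUTSIDE_IN in interface outside

! Non-IP frames (e.g. spanning-tree BPDUs) are dropped unless an EtherType
! ACL permits them; ARP is allowed through by default.
access-list ETHER_BRIDGE ethertype permit bpdu
access-group ETHER_BRIDGE in interface outside
access-group ETHER_BRIDGE in interface inside

! Syslog and SNMP both use the single management address as their source.
logging enable
logging trap informational
logging host inside 192.168.10.100
snmp-server host inside 192.168.10.100 community ExampleCommunity version 2c

! AIP-SSM integration hangs off the global policy-map, same as routed mode.
! "fail-open" lets traffic pass if the module goes down; use "fail-close"
! if dropping traffic is preferable to bypassing inspection.
class-map IPS_CLASS
 match any
policy-map global_policy
 class IPS_CLASS
  ips inline fail-open
service-policy global_policy global
```

After the conversion, `show firewall` confirms the mode, `show ip address` shows the global management address, and `show route` should list only the default route plus the directly connected management subnet; any additional static routes from the routed-mode config have no equivalent here and are simply dropped.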