ASA 8.x in transparent mode with DMZ

Unanswered Question
Nov 6th, 2008
User Badges:

I just want to confirm that a DMZ cannot be used in transparent mode. I have a need to be in transparent mode, but also need a DMZ. Are there any workarounds?

My other choice is to NAT the servers in the DMZ to an address space that exists on the outside.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Fernando_Meza Thu, 11/06/2008 - 15:54
User Badges:
  • Gold, 750 points or more

Hi,


You could have 2 contexts. Allocate 2 separate interfaces to context #1 (running on transparent mode) and the rest to context #2 (running on route mode). Of course there is some design involved but this is probably your way around it if applicable on your topology.


I hope it helps .. please rate helpful posts.



dhananjoy chowdhury Thu, 11/06/2008 - 23:03
User Badges:
  • Silver, 250 points or more

For the ASA firewall in multiple context mode, you can use only one firewall mode for all contexts, i.e, either transparent or routed mode.

Only starting from ASA/PIX 8.0(2), NAT/PAT is supported in the transparent firewall.


In FWSM, its possible to have mix of both transparent and routed mode firewall contexts on the same box.

Actions

This Discussion