ASA lost features in Transparent mode

Unanswered Question

Dear


I have two ASA firewalls working as Active-Active. The scenario requires that the firewalls operate in transparent mode.


I want to know if I lose the below features in transparent mode:


- AIP-SSM module


- Contexts (Active-Active)


- DMZ zone


- Sub interfaces (VLANs)


Regarding the final point: each firewall has to be connected to two different routers for internet connections (I have four routers in total). As a result, each context must have two outside interfaces (sub interfaces), and each sub interface has a different tag.


Thanks

vikram_anumukonda Thu, 04/16/2009 - 00:04

Active-Active is supported.


DMZ Zone - The transparent security appliance uses an inside interface and an outside interface only (remember the restriction of 2 interfaces in transparent mode).


Not quite sure about the other 2, but I did use sub-interfaces on a single PIX (multi-context) in transparent mode.


HTH

Vikram


Dear Sir


Thank you a lot for your reply.


I want to benefit from your experience regarding splitting the outside and inside interfaces into sub interfaces.


I have two outside routers for internet connections that have to be connected to the firewall, so I want to divide the inside and outside interfaces into two sub interfaces, because each outside router has different internal IP addresses.


But the question is that in transparent mode, each interface has to get a different VLAN ("does this mean that I have to give the interface a tag?"), so how can I access the routers from the inside? By this it will be a different network (the inside and the outside are considered different networks).


Thanks

vikram_anumukonda Thu, 04/16/2009 - 05:24

Even though you configure different VLAN tags on the inside and outside interfaces (both VLANs share the same IP address space), having your gateway IP address residing on the outside interface and the hosts connected to the inside interface will help you in filtering the traffic as it passes through the firewall.


Check this example:


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml


Even though the above example doesn't talk about contexts, it will help you understand the network design while implementing a transparent firewall.




HTH

Vikram
