Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
287
Views
0
Helpful
3
Replies

ASA lossed features in Tranparent mode

mahmoud.yasin
Level 1
Level 1

‎04-15-2009 11:03 PM - edited ‎03-11-2019 08:19 AM

Dear

i have two ASA firewalls working as Active-Active. the scenario requires that the firewalls have to operate in transparent mode.

i want know if i loss the below features in transparent mode:

- AIP-SSM module

- Contexts (Active-Active)

- DMZ zone

- Sub interfaces (VLANs)

regarding the final point; each firewall have to be connected to two different routers for internet connection's (i have four routers in total), as a result each context must have two outside interfaces (sub interfaces) and each sub interface has a different tag.

Thanks

Labels:
0 Helpful
3 Replies 3

vikram_anumukonda
Level 3
Level 3

‎04-16-2009 12:04 AM

Active-Active is supported.

DMZ Zone - The transparent security appliance uses an inside interface and an outside interface only( remember the restriction of 2 interfaces in transparent mode )

not quite sure about the other 2, But I did use sub-interfaces on a single PIX ( multi-context ) in transparent mode.

HTH

Vikram

0 Helpful

mahmoud.yasin
Level 1
Level 1
In response to vikram_anumukonda

‎04-16-2009 03:51 AM

Dear Sir

thank you a lot for your reply.

i want to derive benefit from your experience regarding splitting the outside and inside interfaces to sub interfaces.

i have two outside routers for internet connections have to e connected to the firewall, so i want to divide the inside and outside interfaces to two sub interfaces; because each outside router has differnet internal IP addresses .

but the question is that in transparent mode, each interface has to get different VLAN "does this mean that i have to give the interface a tag" so how can i access the routers from the inside; by this it will be different network ( the inside and the outside considered as different networks).

Thanks

0 Helpful

vikram_anumukonda
Level 3
Level 3
In response to mahmoud.yasin

‎04-16-2009 05:24 AM

even though you configure different vlan-tag's on the inside & outside interfaces ( both the vlans share the same ip-address space ), that way having your gateway ip-address residing on the outside interface and hosts connected to the inside interface will help you in filtering the traffic as it passes through the firewall

check this example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

even though the above example doesn't talk about context's it will help you understand the network design while implementing transparent firewall.

HTH

Vikram

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card