Hi, Well that wasn't too bad.

cisentmgr · ‎07-08-2014

I am trying to configure an ASA 5512 and am encountering a problem on how to set up. My organisation is assigned a subnet xxx.xxx.32.0/21 by it's parent, with the SDP (service delivery point) being xxx.xxx.xxx.32.1. I want to place the firewall before the SDP, but obviously the internal network is all part of the same subnet and I can't configure the inside and outside interfaces on the same subnet.

This is my first experience with CISCO kit so go gentle with me but I appreciate any assistance anyone can give. I'm not looking to configure any rules just yet, but rather just get the traffic routing via the firewall to start with.

Thanks,

Rob

Jouni Forss · ‎07-08-2014

Hi,

Sounds to me that your only option would be to configure the ASA in Transparent Mode which would mean that it would act like a switch between your external and internal network.

I have personally not really deployed Transparent firewalls as there has not been any real need for it in the scenarios I have handled.

Below is the link to the latest Configuration Guide document for the ASA (CLI version) related to the Firewall mode (Routed or Transparent)

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/intro-fw.html

Here is a link to the other sections of the Configurations Guide

http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html

If you were to go ahead using the ASA in Transparent Mode I would suggest you search online for basic instructions on how to set it up. You will probably find a more simple guide on some online blog rather than referring to a Cisco document (Configuration Guide). Though I would still suggest referring to the Cisco document for the specific information.

Other than that I guess you could consider splitting the network in question so that you only use a small subnet on the external side and route rest of the remaining subnets towards the firewalls external interface. Or perhaps this is not an option in this case?

Hope this helps :)

- Jouni

cisentmgr · ‎07-08-2014

Hi Jouni,

Thank you for the quick reply. I'll have a read up and mark your answer as correct if it all works out! Shame there is no helpful button.

Regards,

Rob

cisentmgr · ‎07-11-2014

Hi, Well that wasn't too bad. ASA is configured as transparent. Do I just need to physically install as a 'bump in the wire' by placing it in between the external router and the internal router so traffic can only flow via the ASA? Thanks, Rob

cisentmgr · ‎07-11-2014

Hi, Well that wasn't too bad. ASA is configured as transparent. Do I just need to physically install as a 'bump in the wire' by placing it in between the external router and the internal router so traffic can only flow via the ASA? Thanks, Rob

Jouni Forss · ‎07-11-2014

Hi,

To my understanding the Transparent firewall pretty much acts like a switch between the hosts and their gateway. So basically the hosts, ASAs BVI/Bridge interface and the networks/subnets gateway are all in the same network.

If you check the picture in this document

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/intro-fw.html#pgfId-1501273

You should see a network setup where the firewall is placed between the users and their gateway. In the pictures case the network 10.1.1.0/xx could correspond your network I guess.

- Jouni

ASA 5512 Configuration - Inside and Outside same subnet