
ASA 5512X Transparent mode

Hi,

We have four IP pools, 192.168.1.0/24 to 192.168.4.0/24, 1024 IPs in total.

We have two ISPs for broadcasting our ASN.

We have configured 2 Cisco 2821 routers and 2 Cisco 3550 L3 switches in high availability [HSRP and BGP]. From the L3 switches we have connected L2 switches. From the L2 switches the servers are connected.

We planned to commission a firewall [between the L3 and L2 switches]; after much thought we acquired an ASA 5512-X.

From the start we have been facing the problem of configuring it. Since our setup has 4 IP pools, we needed to configure secondary IPs on the ASA, but the ASA 5512X does not support secondary IPs. So we raised a ticket with Cisco TAC stating the same; they said secondary IPs cannot be configured.

So we tried to keep the firewall in transparent mode. But that created a new issue: the management IP of the ASA was set to the 192.168.4.x series, and only the servers which were on the same subnet were reachable; the servers on different subnets were not reachable.

Since the firewall is in transparent mode, it should have the properties of an L2 switch.

But Cisco TAC told us that it will not work; for it to work, an L3 or a router is to be put between the ASA and L2.

Kindly provide your valuable input.

Note: The servers are virtualization servers which do not support VLAN tagging.

1 REPLY
Bronze

ASA 5512X Transparent mode

I believe this might help you:

Use transparent mode

create vlans for each of your prefixes

create subinterfaces on the asa for the vlans

create four bridge groups

assign the subinterfaces to the bridge groups

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_complete_transparent.html#wp1382356

Rgds, MiKa
