How do you physically install an ASA in transparent mode into a network? I know that the inside and outside interfaces have to be on the same network. My question is how does the firewall connect between users and servers when there is a switch that connects everything? Do you just plug the firewall into the same vlan as the users and webservers, or does the firewall have to be physically connected to each webserver to work in transparent mode?
When the firewall is in transparent mode, I believe it can only forward traffic to its own subnet without additional routes. Any other remote subnet would need routes added to the firewall.
You wouldn't need to connect each physical server to the firewall, but the firewall needs to know how to get to the devices. You can connect the firewall into a L3 switch, assign a vlan to it, and then route all of your traffic to the webservers the way that you need to.
I've looked at the diagram, and that is why I'm not sure about how this is done. With the connection to the router, does the firewall have to be physically connected to the router for it to be a transparent firewall between the router and the server? Or is it just that you plug everything into a L2 switch on the same vlan, and somehow the switch knows to forward all traffic between the router and all other devices through the firewall?
I am actually placing an ASA with an IPS module between a firewall cluster and a server network to act as an IPS. I need to put the ASA in transparent mode to do this. What I am trying to understand is how does the transparent firewall work in terms of the traffic flowing through it. I only have one layer-2 switch stack which the firewall cluster will plug into and the server vlan connects to. I need for all traffic coming from the firewall cluster to the server vlan to flow through the ASA. Does the ASA have to be physically plugged into each of these firewalls in the cluster and connected to the server vlan on the switch for the traffic to be forced to go through the ASA? Or can the firewall cluster, ASA, and the servers all be plugged into the server vlan on that layer 2 switch stack and it all work somehow by layer 2 forwarding?