I ran into a problem when trying to install an ASA Security Appliance with AIP-SSM in transparent firewall mode.
Please see both attachments, network-with-asa.pdf and network-without-asa.pdf, which will introduce you to the network.
The first picture you should have a look at is network-without-asa.pdf. In this case everything works fine. All devices are able to connect to the network 10.19.64.x (right router) and to the internet (left router).
Now I plugged in the ASA in transparent firewall mode to sniff all traffic to the internet (network-with-asa.pdf). I don't understand what happens now:
All devices can connect to the internet, all Ping messages to 10.19.64.x are O.K., but neither TCP nor UDP connections can be established. There is a permit ip any any access-list statement in ASA and the ASA has an IP address in the network 10.119.x.x.
I thought ASA in transparent firewall mode is just like a "stealth device".
BTW: ASA is connected to the correct VLAN on the Layer-3-Switch ;-)
What is the source/destination of the traffic that you are having an issue with? Your diagram doesn't make it clear if the traffic would even go through the ASA if destined for the 'right side' network.
The source network is the internal LAN (10.19.0.x/24) and the destination is a branch office with IP network 10.19.64.x/24. The routing should be handled by the "left" Layer-3 Switch, which has a route to 10.19.64.x/24 over the "right" Layer-3 Switch. These two switches are connected with a trunk. IMHO the ASA should never see the traffic destined for this network, because the switch should route it over the trunk...