i have two ASA firewalls working as Active-Active. the scenario requires that the firewalls have to operate in transparent mode.
i want know if i loss the below features in transparent mode:
- AIP-SSM module
- Contexts (Active-Active)
- DMZ zone
- Sub interfaces (VLANs)
regarding the final point; each firewall have to be connected to two different routers for internet connection's (i have four routers in total), as a result each context must have two outside interfaces (sub interfaces) and each sub interface has a different tag.
i want to derive benefit from your experience regarding splitting the outside and inside interfaces to sub interfaces.
i have two outside routers for internet connections have to e connected to the firewall, so i want to divide the inside and outside interfaces to two sub interfaces; because each outside router has differnet internal IP addresses .
but the question is that in transparent mode, each interface has to get different VLAN "does this mean that i have to give the interface a tag" so how can i access the routers from the inside; by this it will be different network ( the inside and the outside considered as different networks).
even though you configure different vlan-tag's on the inside & outside interfaces ( both the vlans share the same ip-address space ), that way having your gateway ip-address residing on the outside interface and hosts connected to the inside interface will help you in filtering the traffic as it passes through the firewall
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :