ASA Transparent Mode

Mandlenkosi1 · ‎07-31-2012

Hi Guys

On the ASA running the 8.4.4.1 code in transparent mode.

Can I create sub interfaces in different vlans and attach them to different BVI groups?

switch---trunk---ASA---Trunk---switch

Gig0/1.1 vlan 100 bridge-gr1 Gig0/2.1 vlan 101 bridge-gr1

Gig0/1.2 vlan 200 bridge-gr2 Gig0/2.2 vlan 201 bridge-gr2

Is this possible?

Thanks

saxenanitesh8522 · ‎08-01-2012

Hi,

i think this possible... but you to make sure that asa generates automatic new mac address for those interfaces and you to allow "same-security-traffic"

do rate if helpful

nkarthikeyan · ‎08-01-2012

Hi,

Yes you can do that. Please refer the below mentioned guide for better understanding.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_complete_transparent.html

Please do rate if the given information helps.

By

Karthik

Mandlenkosi1 · ‎08-01-2012

Thanks Guys

What I am trying to figure out is whether the ASA will forward traffic properly.

The documentation seems to suggest that BVI’s are tied to physical interfaces not logical interfaces.

Nitesh I thought the auto-mac was just for ASA’s in multiple context mode.

saxenanitesh8522 · ‎08-01-2012

my mistake about the mac address..

may i ask why you want to use logical interface and that even in transparent mode??

what are you trying to achieve?

Mandlenkosi1 · ‎08-01-2012

Hi Nitesh

I have a existing client network that I cannot change.

I need to find a way to protect a segment with changing address.

saxenanitesh8522 · ‎08-01-2012

are you planning to deploy the firewall at the perimeter??

Transparent FW is good but you will need to configure alot of rules and then you wont be getting the features of VPN and other benefits.

What is your plan?