Cisco Support Community
Cisco ASA 5512 Transparent mode

Hi all - hope this is the right place to ask this question -

I'm having trouble understanding how to configure an ASA 5512X in what should be a really easy way -

I simply want the ASA to be a transparent Layer 2 "bump" in a routed link between two networks, and then I'll use the Management interface to actually see the firewall ASDM, Syslog, configure, etc.

I have the interfaces set up thusly:

interface GigabitEthernet0/0
 nameif UnTrustedNetwork
 security-level 0
interface GigabitEthernet0/1
 nameif TrustedNetwork
 security-level 100
interface Management0/0
 nameif ManagementAccess
 security-level 100
 ip address 192.168.X.Y 255.255.255.0
 management-only

I cannot figure out how to install a default route so that interface Management0/0 with its IP of 192.168.X.Y can be reached from other networks, like 10.6.X.Y, etc.

I thought the point of a Management interface was that you could set things up in such a way that the Management interface was the only way you could access the firewall, and you did not have to have IP addresses on the Gig interfaces (at least not in transparent mode; for NAT you obviously would have to).

I tried to add a static route entry to 10.6.X.Y, but when I typed "route.." my only available destination interfaces were either TrustedNetwork or UnTrustedNetwork ??

How do I configure the Management interface for non-local subnets to be reachable on the firewall in transparent mode?

Accepted Solutions

Transparent firewall is configured differently from routed mode.

Here's a basic config required:

! erases the current config; does not require a reboot
firewall transparent
!
interface BVI1
 ip address 192.168.10.10 255.255.255.0
!
interface GigabitEthernet0
 nameif outside
 bridge-group 1
 security-level 0
!
interface GigabitEthernet1
 nameif inside
 bridge-group 1
 security-level 100
!
route outside 0.0.0.0 0.0.0.0 192.168.10.254
route inside 10.0.0.0 255.0.0.0 192.168.10.100

I think that you need a BVI interface with an IP address before the ASA starts forwarding traffic.

The old syntax (pre 8.3 or 8.2, not sure) forces only 2 interfaces and no BVI was configured... the IP was assigned in global config.

Hope that helps,

Patrick
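An added example, not part of the thread or any Cisco tooling: a small Python audit of a pasted transparent-mode config that applies the points in the answer above (each data interface belongs to a bridge group, and that group's BVI has an IP address). The function name, the finding strings and the rule that a route's gateway must fall inside the BVI subnet are assumptions of this sketch; the sample reuses the data interfaces from the question.

```python
import ipaddress

def audit_transparent(config):
    """Return findings for an ASA transparent-mode config that uses BVI syntax."""
    stanzas, routes, cur = [], [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            cur = {"name": line.split()[1]}
            stanzas.append(cur)
        elif line.startswith("route "):
            nameif, gw = line.split()[1], line.split()[4]
            routes.append((nameif, ipaddress.ip_address(gw)))
        elif cur is not None and line and line != "!":
            key, _, val = line.partition(" ")
            cur[key] = val  # nameif, bridge-group, ip, management-only, ...
    # BVI<n> holds the IP address of bridge group <n>
    bvi_net = {}
    for s in stanzas:
        if s["name"].startswith("BVI") and s.get("ip", "").startswith("address "):
            addr, mask = s["ip"].split()[1:3]
            bvi_net[s["name"][3:]] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    findings, group_of = [], {}
    for s in stanzas:
        if "nameif" not in s or "management-only" in s:
            continue  # skips unnamed stanzas (the BVI here) and the management port
        grp = group_of[s["nameif"]] = s.get("bridge-group")
        if grp is None:
            findings.append(f"{s['name']}: no bridge-group")
        elif grp not in bvi_net:
            findings.append(f"{s['name']}: bridge-group {grp} has no BVI address")
    # Assumption: a static route's gateway must sit in its bridge group's BVI subnet
    for nameif, gw in routes:
        net = bvi_net.get(group_of.get(nameif))
        if net is None or gw not in net:
            findings.append(f"route {nameif}: gateway {gw} outside BVI subnet")
    return findings

# Constructed sample: the data interfaces as posted in the question
QUESTION = """interface GigabitEthernet0/0
 nameif UnTrustedNetwork
 security-level 0
interface GigabitEthernet0/1
 nameif TrustedNetwork
 security-level 100
"""

if __name__ == "__main__":
    for finding in audit_transparent(QUESTION):
        print(finding)
```

Run against the config in the answer, the function returns an empty list.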

2 REPLIES

Thanks Patrick!

I did that -

I will test it.
