I have a 5550 running in Transparent mode. The purpose of using Transparent mode was so I could insert it between the external router (going to the internet) and the layer 3 switch (connecting to the users). Both of these devices share a /30 network. The documentation for the ASA 5550 says that "The managment IP address must be on the same subnet as the connected network." It also states that "If the managment IP address is not configured, transient traffic does not pass through the transparent firewall." I noticed after I configured an IP address for the managment 0/0 interface that there was still an option in the ADSM to configure a managment IP. Can I still use the same IP I configured on the management 0/0 interface?
My understanding is a management IP address is required for management only. The ASA uses the IP as a source address for packet originated on the ASA such as AAA, SNMP messages. The Management IP address must be on the same subnet as the connected network since the ASA is not doing any routing lookup.
So I can go into the ASDM>Configuration>Properties and remove the Management IP Address as long as I have the IP configured on the Management Interface 0/0? Since the firewall is running in Transparent mode, can I manage it from the outside?
I think that is the problem that I have not being able to manage it from the outside. Since I placed it on an existing /30 network there was no IP avaialbe which is why I went with transparent and assigned the IP to the management interface. I guess I will have to redesign that part of the network to include an IP for the ASA.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...