I would like to implement the design below, and I'm wondering if it is going to be valid.
PC(Access vlan 10)-----------SWITCH(SVI Vlan 10 , Vlan 20)------Trunk-------Bridge group 1-----ASA(Transparent)--Bridge group 1-------Trunk----Switch(SVI vlan 10 , Vlan 20)----------------PC(Vlan20)
I want traffic going from the PC in VLAN 10 to reach the PC in VLAN 20 and at the same time be inspected by the transparent ASA firewall. I have read in many documents that the two interfaces of the firewall should be in different VLANs, but in my case I would like to have both interfaces of the ASA as trunks and not assigned to a particular VLAN. Is this doable?
We generally use a trunk when we use different subnets and use subinterfaces on the ASA. For what you are trying to achieve, both VLANs you want to communicate between should be in the same subnet, i.e. VLAN 10 and VLAN 20 cannot be in different subnets.
A transparent firewall is a Layer 2 firewall that acts like a "bump in the wire" or a "stealth firewall" and is not seen as a router hop by connected devices. The ASA connects the same network on its inside and outside interfaces.
Each directly connected network must be on the same subnet.
If you want the VLANs to be in two different subnets, you wouldn't use a Layer 2 firewall; you'd use a Layer 3 firewall. With a Layer 2 firewall, you break up one subnet into two VLANs, and access to/from the inside protected network is controlled via a bridged virtual interface configured on the firewall that connects the two VLANs.
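The bridged-virtual-interface design described in the replies above, as an added configuration example that is not from any poster in this thread. It assumes ASA 8.4 or later transparent-mode syntax, the constructed subnet 192.0.2.0/24 shared by both VLANs, the interface names GigabitEthernet0/0 and GigabitEthernet0/1 facing the two trunks, and that the switches do not route between VLAN 10 and VLAN 20 themselves (otherwise traffic never reaches the ASA). The two trunk-facing subinterfaces carry different VLAN tags but sit in one bridge group, so the ASA bridges and inspects between them without being a router hop:

```cisco
! Added example (not from the thread): ASA in transparent mode bridging
! VLAN 10 and VLAN 20 of ONE subnet through a single bridge group.
firewall transparent
!
interface GigabitEthernet0/0
 description Trunk to left switch (carries VLAN 10)
 no nameif
 no security-level
!
interface GigabitEthernet0/0.10
 vlan 10
 nameif outside
 bridge-group 1
 security-level 0
!
interface GigabitEthernet0/1
 description Trunk to right switch (carries VLAN 20)
 no nameif
 no security-level
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif inside
 bridge-group 1
 security-level 100
!
! One management IP per bridge group, taken from the same shared subnet
! as the hosts on both VLANs (constructed address).
interface BVI1
 ip address 192.0.2.254 255.255.255.0
!
! Access from the VLAN 10 side into the protected VLAN 20 side is
! controlled on the bridge group, not by routing; hosts on both VLANs
! keep 192.0.2.0/24 addresses and see each other as directly connected.
access-list OUTSIDE_IN extended permit tcp any 192.0.2.0 255.255.255.0 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

If VLAN 10 and VLAN 20 are meant to be different subnets, this configuration does not apply: the ASA would then need routed mode with an IP address on each subinterface, which is the Layer 3 design the reply above refers to.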