Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

why ASA in transparent mode require same ip subnet to that of connected network

In  ASA transparent mode, Why it is necessary to keep management ip in the same subnet to that of connected network?

what if I keep management ip in diffrent subnet than that of connected network?

If I do so does the traffic move through the asa and why?

thanxs.

  • Firewalling
Everyone's tags (7)
1 ACCEPTED SOLUTION

Accepted Solutions

why ASA in transparent mode require same ip subnet to that of co

Hello Vijay,

As you say you can use another one, That's correct but the thing is that the management IP is not only used for management purporses.

That's were you are missing the point.

That IP address assigned to the ASA as a whole will also be used for ARP requests when the ASA does not know where the destination hosts lies and it's not on the same subnet than the ASA.

It will also be used as a source for packets going to a syslog server, AAA server, Netflow server, SNMP server and any packet that the ASA will need to create so with that in mind the routing of the network will need to be changed to work with this.

If you get to accomplish that the routing of the network works with a different Management IP address on the transparent address then you can do it. I can ensure you I have seen this scenario before working with no issues at all bud.

Just to remember rate all of the helpful posts like this one

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
5 REPLIES

why ASA in transparent mode require same ip subnet to that of co

Hello Vijay,

As you say you can use another one, That's correct but the thing is that the management IP is not only used for management purporses.

That's were you are missing the point.

That IP address assigned to the ASA as a whole will also be used for ARP requests when the ASA does not know where the destination hosts lies and it's not on the same subnet than the ASA.

It will also be used as a source for packets going to a syslog server, AAA server, Netflow server, SNMP server and any packet that the ASA will need to create so with that in mind the routing of the network will need to be changed to work with this.

If you get to accomplish that the routing of the network works with a different Management IP address on the transparent address then you can do it. I can ensure you I have seen this scenario before working with no issues at all bud.

Just to remember rate all of the helpful posts like this one

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

why ASA in transparent mode require same ip subnet to that of co

Thanx jcarvaja ...

why ASA in transparent mode require same ip subnet to that of co

Hello Vijay,

Any time Sr.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

why ASA in transparent mode require same ip subnet to that of co

thanxs for the reply Julio Carvajal Segura. If I want any assistance regarding networking I will contact you on your Email as you have specified.

Once again thanxs a lot.

why ASA in transparent mode require same ip subnet to that of co

Hello Vijay,

Sure, it will be my pleasure to work with you.

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
179
Views
5
Helpful
5
Replies