Cisco Support Community

New Member

pix in transparent mode

Hi group,

Recently I deployed a PIX running 7.0 in transparent mode in our network.

If I put the PIX between switches with one VLAN, everything is fine. If I put the PIX between switches with trunking enabled, then all VLAN traffic is dropped by the PIX. Does the PIX support 802.1q when in transparent mode? Thanks for comments.

3 REPLIES
New Member

Re: pix in transparent mode

Hi,

I am trying to deploy the ASA in transparent mode and it is giving me some trouble. Could you please send me a sample config if you have one?

Thanks.

New Member

Re: pix in transparent mode

All traffic is being denied even if I put permit any to any.

Config below:

Zebra(config)# sh running-config
: Saved
:
ASA Version 7.0(1)
firewall transparent
names
!
interface Ethernet0/0
 nameif tiger
 security-level 0
!
interface Ethernet0/1
 nameif house
 security-level 0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
!
interface Management0/0
 nameif management
 security-level 100
 management-only
!
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Zebra
ftp mode passive
object-group icmp-type icmp-allowed
 icmp-object echo
 icmp-object echo-reply
access-list 150 extended permit ospf any any
access-list 150 extended permit icmp any any
access-list 150 extended permit ip any any
pager lines 24
logging enable
logging buffered informational
mtu tiger 1500
mtu house 1500
mtu management 1500
ip address 192.168.3.10 255.255.255.0
monitor-interface tiger
monitor-interface house
monitor-interface management
asdm image disk0:/asdm-501.bin
no asdm history enable
arp timeout 14400
access-group 150 in interface tiger
access-group 150 out interface tiger
access-group 150 in interface house
access-group 150 out interface house
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username cisco password eGC86Ff9KODVs6D8 encrypted
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:e2b4c627034e0e8791f9102bc7de4599
: end

Thanks in advance

New Member

Re: pix in transparent mode

Access lists are not being hit when I check the sh access list. Any ideas at all? Seems like I am doing something very stupid. I just can't see what it is though.
