Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
253
Views
5
Helpful
1
Replies

Pix layer 2 transparent mode

weehengno1
Level 1
Level 1

‎07-17-2006 12:09 AM - edited ‎02-21-2020 01:03 AM

I am new in pix firewall. May i know how to configure pix as a layer 2 transparent mode ? I can only get most of the info in route mode only.

0 Helpful
1 Reply 1

Fernando_Meza
Level 7
Level 7

‎07-17-2006 02:20 AM

Hi .. please see the below guidelines .. I suggest you to chekc the Admin guide as well from the below link

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_book09186a00806a61b0.html

Follow these guidelines when planning your transparent firewall network:

? A management IP address is required; for multiple context mode, an IP address is required for each

context.

Unlike routed mode, which requires an IP address for each interface, a transparent firewall has an

IP address assigned to the entire device. The security appliance uses this IP address as the source

address for packets originating on the security appliance, such as system messages or AAA

communications.

The management IP address must be on the same subnet as the connected network. You cannot set

the subnet to a host subnet (255.255.255.255).

? The transparent security appliance uses an inside interface and an outside interface only. If your

platform includes a dedicated management interface, you can also configure the management

interface or subinterface for management traffic only.

In single mode, you can only use two data interfaces (and the dedicated management interface, if

available) even if your security appliance includes more than two interfaces.

Transparent Mode Overview

? Each directly connected network must be on the same subnet.

? Do not specify the security appliance management IP address as the default gateway for connected

devices; devices need to specify the router on the other side of the security appliance as the default

gateway.

? For multiple context mode, each context must use different interfaces; you cannot share an interface

across contexts.

? For multiple context mode, each context typically uses a different subnet. You can use overlapping

subnets, but your network topology requires router and NAT configuration to make it possible from

a routing standpoint.

? You must use an extended access list to allow Layer 3 traffic, such as IP traffic, through the security

appliance.

You can also optionally use an EtherType access list to allow non-IP traffic through.

I hope it helps ... please rate it if it does !!!

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card