07-17-2006 12:09 AM - edited 02-21-2020 01:03 AM
I am new to PIX firewalls. May I know how to configure the PIX in Layer 2 transparent mode? I can only find most of the info for routed mode.
07-17-2006 02:20 AM
Hi .. please see the guidelines below .. I suggest you check the Admin guide as well, from the link below
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_book09186a00806a61b0.html
Follow these guidelines when planning your transparent firewall network:
- A management IP address is required; for multiple context mode, an IP address is required for each context. Unlike routed mode, which requires an IP address for each interface, a transparent firewall has an IP address assigned to the entire device. The security appliance uses this IP address as the source address for packets originating on the security appliance, such as system messages or AAA communications. The management IP address must be on the same subnet as the connected network. You cannot set the subnet to a host subnet (255.255.255.255).
- The transparent security appliance uses an inside interface and an outside interface only. If your platform includes a dedicated management interface, you can also configure the management interface or subinterface for management traffic only. In single mode, you can only use two data interfaces (and the dedicated management interface, if available) even if your security appliance includes more than two interfaces.
- Each directly connected network must be on the same subnet.
- Do not specify the security appliance management IP address as the default gateway for connected devices; devices need to specify the router on the other side of the security appliance as the default gateway.
- For multiple context mode, each context must use different interfaces; you cannot share an interface across contexts.
- For multiple context mode, each context typically uses a different subnet. You can use overlapping subnets, but your network topology requires router and NAT configuration to make it possible from a routing standpoint.
- You must use an extended access list to allow Layer 3 traffic, such as IP traffic, through the security appliance. You can also optionally use an EtherType access list to allow non-IP traffic through.
I hope it helps ... please rate it if it does !!!
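As an added example (not from either post above), here is a minimal PIX 7.x single-context transparent-mode configuration that applies each of the guidelines in the reply: one management IP for the whole device, two named data interfaces with no addresses, an extended ACL for IP traffic and an EtherType ACL for BPDUs. The hostname, interface names, addresses and syslog collector are constructed assumptions, not values from the thread.

```cisco
! Switch from routed to transparent (Layer 2) mode. This clears the
! running configuration, so do it before anything else.
firewall transparent
hostname pix-tfw
!
! Only two data interfaces are allowed in single mode. In transparent
! mode an interface gets a name and security level but no IP address.
interface Ethernet0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet1
 nameif inside
 security-level 100
 no shutdown
!
! One management IP for the whole device, on the same subnet as the
! connected network (a /32 host mask is not allowed). Constructed values.
ip address 192.168.1.2 255.255.255.0
!
! Default route is used only for traffic the appliance itself originates
! (syslog, AAA). Hosts keep the upstream router 192.168.1.1 as their
! gateway, never the PIX management address.
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
!
! Layer 3 (IP) traffic is dropped unless an extended ACL permits it.
! Allow inside hosts out for web and DNS only; deny and log everything else.
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list INSIDE_IN extended permit tcp 192.168.1.0 255.255.255.0 any eq https
access-list INSIDE_IN extended permit udp 192.168.1.0 255.255.255.0 any eq domain
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
! Optional EtherType ACL: let spanning-tree BPDUs cross the firewall so the
! switches on both sides still converge; all other non-IP traffic stays blocked.
access-list ETH_IN ethertype permit bpdu
access-group ETH_IN in interface inside
access-group ETH_IN in interface outside
!
! Ship syslog (sourced from the management IP) to a constructed collector.
logging enable
logging trap informational
logging host inside 192.168.1.50
```

After applying it, `show firewall` should report transparent mode and `show mac-address-table` will show the hosts learned on each side; both are useful first checks when traffic does not pass.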