If my question repeats something that has already been answered, I apologize. From what I have been reading I don't think it will work, but I want to make sure. We have several PIXes protecting customers from each other. Right now they are running in routing mode, and we were thinking it would simplify our network layout to have the PIXes running in transparent mode, so the default gateway would be the routers and not the PIXes. I was hoping the transparent mode would be more layer 2 switch versus bridge. That multiple VLANs can come into the PIXes, not just one per security context. It seems to me from what I have been reading that we would go from supporting 25 (-1 for outside) VLANs to 3 if we have 3 service contexts running on our 515Es (each have 6 interfaces). Am I wrong, can the transparent mode PIX understand VLAN tagging and handle multiple VLANs? Guess we are trying to set up a 6500ish design with the devices we have right now. Thanks.
Hi. Unfortunately, with PIX devices in transparent mode, you are limited by the amount of physical interfaces it currently has, i.e. a PIX with 6 interfaces will allow for the creation of 3 contexts of 2 interfaces each for protecting 3 segments.
If you already have a Cat 6500, I suggest you consider the possibility of implementing a FWSM (Firewall Service Module). With the firewall module running in single mode you can create a maximum of 8 bridge groups (2 interfaces/VLANs per bridge group) to protect 8 segments. Or, if you prefer, you can use multiple context mode, create one bridge group per context and protect as many segments as you need.
Please refer to the link below for more information about FWSM and transparent mode.