Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

transparen and routed mode diff. security wise

what is the difference between transparent mode and routed mode on cisco asa in terms of security?


Cisco Employee

Re: transparen and routed mode diff. security wise


I think the following link can answer your question:



New Member

Re: transparen and routed mode diff. security wise

To summarize it in short.

in a routed mode you have more command over your network in terms of security you can define multiple DMZs and enable static or dynamic routing or NATTING. also configure VPN clients on a seperate DMZs with different security levels for inside and outside and VPN etc.

in a practical environment we hardly use ASA in transparent mode..since it does not provide security at an enterprise level. atlease ive not seen one till yet. it does not allow routing. it does not do NAT or PAT. it cannot forward CDP information if you manage your devices from CNA or any other cisco discovery ..

:-) hope that helps..

plz do rate..

New Member

Re: transparen and routed mode diff. security wise

So any upside to transparent mode - lol

Hall of Fame Super Blue

Re: transparen and routed mode diff. security wise


Just to put another side of the discussion. Transparent mode can be very useful if

1) you need to pass non IP protocols through your firewall such as IPX, Appletalk etc.

2) If you would like 2 routers on either side of your firewall to establish adjancies

3) To insert very quickly into an existing network setup - requires no IP addressing changes anywhere.

4) If you are using Route Health Injection feature on your CSM-S modules which again needs layer 2 adjacency with a router.

It's really dependant on your needs. Certainly i wouldn't use the FWSM in transparent mode as the Internet front door, but a lot of people use the FWSM in their data centres as we do and although i agree that routed mode is probably deployed more commonly you shouldn't rule out transparent for certain situations.



CreatePlease to create content