I'm trying to configure an ASA 5540 in transparent firewall mode. The server farm is connected to the inside zone and users are connected to the outside zone on multiple VLANs, routed via inter-VLAN routing on the core switch.
As per the Cisco configuration guidelines for a transparent firewall, the INSIDE and OUTSIDE zones are configured in two different VLANs, while the gateway IP address of the server farm is configured on the core switch.
The transparent firewall works fine if connected to TWO different switches with an ACL permit any any on the outside interface. But if TWO DIFFERENT VLANs (e.g. 111 & 222) are configured on the same Catalyst 4500 switch and the inside zone and outside zone (222) are connected to the respective ASA 5540 interfaces in TRANSPARENT MODE (inside interface to port 3/0/1 in VLAN 111 & outside interface to port 3/0/2 in VLAN 222), traffic is not flowing through.
VLAN 222 USED FOR SERVER FARM CONNECTED TO INSIDE ZONE HAS THE DEFAULT GATEWAY ADDRESS CONFIGURED in the CORE SWITCH under INT VLAN 111 which is connected to OUTSIDE interface of ASA.
Core switch int gig1/0/1 -> VLAN 111 -> ASA OUTSIDE -> VLAN 222 -> server farm in VLAN 222
No ARP entries are seen on the inside interface. An EtherType ACL to allow BPDUs on both the INSIDE and OUTSIDE interfaces of the ASA has also been configured.
Can you please provide me with guidelines and a step-by-step procedure to configure the ASA 5540 in transparent firewall mode with the INSIDE & OUTSIDE interfaces connecting to TWO different VLANs on the same Catalyst switch.
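As an added example (not from this thread or from Cisco), the minimal switch-side and ASA-side configuration for the topology described above: VLAN 111 on the outside carrying the server gateway SVI, VLAN 222 on the inside carrying the servers, both VLANs on one Catalyst. It assumes ASA 8.4-or-later transparent-mode syntax (bridge groups); the addresses in 10.1.1.0/24 and the port names are placeholders.

```cisco
! ---- Core switch (Catalyst) ----
! Both VLANs are plain Layer 2 domains; only VLAN 111, on the OUTSIDE
! side of the ASA, carries the server-farm gateway SVI.
vlan 111
 name OUTSIDE-FW
vlan 222
 name INSIDE-SERVERS
!
interface Vlan111
 ip address 10.1.1.1 255.255.255.0
!
! Deliberately NO "interface Vlan222" with an IP address: an SVI on the
! inside VLAN would let the switch answer ARP and route around the ASA.
!
interface GigabitEthernet3/1
 description ASA outside (placeholder port)
 switchport mode access
 switchport access vlan 111
interface GigabitEthernet3/2
 description ASA inside (placeholder port)
 switchport mode access
 switchport access vlan 222
!
! ---- ASA 5540 ----
! "firewall transparent" must be the first line when loading a text config.
firewall transparent
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 bridge-group 1
 no shutdown
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 bridge-group 1
 no shutdown
!
! Management address of the bridge group: same subnet as the gateway SVI.
interface BVI1
 ip address 10.1.1.2 255.255.255.0
!
! Let spanning-tree BPDUs cross the bridge so the switch does not block a port.
access-list BPDU ethertype permit bpdu
access-group BPDU in interface outside
access-group BPDU in interface inside
!
! Permit the user-to-server traffic entering from the outside side.
access-list OUTSIDE_IN extended permit ip any any
access-group OUTSIDE_IN in interface outside
```

On releases before 8.4 there is no bridge-group command; the transparent-mode management address is instead set with a global `ip address` command. After bringing the links up, `show arp` on the ASA and `show mac address-table vlan 222` on the switch should both show the server MACs learned through the inside port.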
If you download a text configuration to the security appliance that changes the mode with the firewall transparent command, be sure to put the command at the top of the configuration; the security appliance changes the mode as soon as it reads the command and then continues reading the configuration you downloaded. If the command is later in the configuration, the security appliance clears all the preceding lines in the configuration.
Bump - anyone? Is it possible to terminate both the inside and outside interfaces of a transparent firewall on a single Layer 3 switch? Seems like ARP from the switch's Layer 3 interface would prevent this from working.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...