Cisco Support Community
New Member

Vpn in transparent mode

Hi,

I have a PIX 515E v7.12.

When I use it in transparent mode, can I configure it to perform site-to-site VPN?

Thank you,

Mauro

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Vpn in transparent mode

The Cisco PIX or the ASA with the 7.0 code will not support VPN in transparent mode. It can support VPN for management purposes only and nothing else. You cannot even terminate VPN on a router behind the ASA in transparent mode. But NetScreen does. Hope this helps.

see ya

regards

sebastan

3 REPLIES
New Member

Re: Vpn in transparent mode

Hello Mauro,

I did a quick search on the site and I think that this may help to answer your question and hopefully show you some configuration options.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_book09186a0080107ed1.html

Cheers,

Chris


Re: Vpn in transparent mode

Hi .. please see below

"Unsupported Features in Transparent Mode

The following features are not supported in transparent mode:

• NAT

NAT is performed on the upstream router.

• Dynamic routing protocols

You can, however, add static routes for traffic originating on the security appliance. You can also allow dynamic routing protocols through the security appliance using an extended access list.

• IPv6

• DHCP relay

The transparent firewall can act as a DHCP server, but it does not support the DHCP relay commands. DHCP relay is not required because you can allow DHCP traffic to pass through using an extended access list.

• Quality of Service

• Multicast

You can, however, allow multicast traffic through the security appliance by allowing it in an extended access list.

• VPN termination for through traffic

The transparent firewall supports site-to-site VPN tunnels for management connections only. It does not terminate VPN connections for traffic through the security appliance. You can pass VPN traffic through the security appliance using an extended access list, but it does not terminate non-management connections."

I hope it helps .. please rate it if it does !!!
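
The documentation excerpt quoted above says a transparent firewall can pass VPN traffic through with an extended access list but does not terminate it. As an added example (not from the thread or from Cisco's documentation), here is a PIX/ASA 7.x configuration fragment for that pass-through case. The addresses (RFC 5737 documentation ranges), the ACL name `OUTSIDE_IN` and the interface name `outside` are assumptions.

```cisco
! Added example: IPsec pass-through on a transparent PIX/ASA 7.x firewall.
! Constructed values:
!   198.51.100.10 = remote VPN peer
!   192.0.2.2     = VPN router on the inside segment (terminates the tunnel)
!   192.0.2.5     = management address of the firewall itself
firewall transparent
ip address 192.0.2.5 255.255.255.0
!
! IKE negotiation (UDP 500) and NAT-T (UDP 4500), from the known peer only
access-list OUTSIDE_IN extended permit udp host 198.51.100.10 host 192.0.2.2 eq isakmp
access-list OUTSIDE_IN extended permit udp host 198.51.100.10 host 192.0.2.2 eq 4500
! ESP (IP protocol 50) carries the encrypted tunnel payload
access-list OUTSIDE_IN extended permit esp host 198.51.100.10 host 192.0.2.2
!
! Apply the list to traffic arriving on the lower-security interface
access-group OUTSIDE_IN in interface outside
```

The firewall only bridges the encrypted packets here, so it cannot inspect the tunnel contents; the tunnel endpoints are the remote peer and the inside router. Naming both hosts instead of `any` keeps the opening limited to the one expected peer.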
