
New Member

Transparent mode setup

I am in the process of setting up a PIX 515e box in transparent mode. I have done all the basic configurations (set my inside and outside interfaces/enabled them, set the management interface, etc). I can ping from the device to both inside and outside hosts and I can manage the device from either inside or outside. My problem is that I cannot communicate between inside and outside hosts. The PIX does not seem to be passing traffic.

Am I missing something in the basic configuration?

Version is 7.2(2)

Thanks for any help!


Re: Transparent mode setup

Have a look at this page for a training module on setting up a firewall in transparent mode.

You could also post your configuration and we could probably look into it.


Do rate helpful posts :)

New Member

Re: Transparent mode setup

I went through that as part of my troubleshooting; in fact, I used the info from that training module to configure the PIX box. Am I wrong in assuming that the basic config as outlined in the training module should get the box up and running and passing traffic from inside to outside hosts?

Here is the config. I've blocked out IPs and the hostname; it should be a default config except for the admin accesses that have been set up.

: Saved

PIX Version 7.2(2)

firewall transparent
hostname myfirewall
domain-name default.domain.invalid
enable password xxx

interface Ethernet0
 nameif outside
 security-level 0

interface Ethernet1
 nameif inside
 security-level 100

passwd xxx
boot system flash:/pix722.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name default.domain.invalid
pager lines 24
logging enable
logging trap debugging
logging asdm debugging
logging host outside x.x.x.x
mtu outside 1500
mtu inside 1500
ip address x.x.x.x
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-522.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username yyy password Z13OuyLCHVQtHpU9 encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http x.x.x.x outside
http x.x.x.x inside
http x.x.x.x inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh x.x.x.x outside
ssh timeout 5
console timeout 0

class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map
 message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp

service-policy global_policy global
prompt hostname context

: end