Hi,

Thank you very much for reply.

I have tested the Transparent IOS Firewall and it works great.

As of now I have tested with icmp only.

The BVI1 is configured for remote access to the router for applying ACL and to monitor the router.

I have attached the test config and diagram.

Can you please check the config and see if I am missing any thing or some of the setups, which will not work in real environment.

Thank you.

Well it looks fine to me however i myself havent worked a lot on this. I think the best thing would be to test in the network and see if it works.

Hi,

Thank you very much for the help.

I`ll test it out with other applications and will let know the results.

Thank you.

Hi,

I tested the Transparent IOS Firewall with other applications it is working well.

But first I faced little problem, initially I disabled the IP CEF and IP ROUTING and tested the Internet traffic, I was able to access the web sites, but after some time the router crashes and reloads and gives bus error messages.

Then I enabled the IP CEF and IP ROUTING and tested the Internet traffic; there was no problem with router and every thing worked fine.

Does ASA 5500 series Adaptive Security Appliance supports the Transparent Firewall?

Thank you.

yes the asa also supportes transparent firewall

Is there any link for explanation and config details for ASA?

Sure... Please follow the link below:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_book09186a0080450278.html

BTW, I'm impressed and glad to see the IOS Transparent Firewall, I only thought that ASA / PIX is having Transparent Firewalls.

Regards,

Wilson Samuel

Hi,

I implemented the transparent firewall and it worked well.

But I faced problem in our backup line.

When our main line goes down, the ISP router re-routes the traffic to backup router.

The ping test from client to server in H.O worked perfectly thru backupline.

But the applications are not working.

The current setup is, the ISP router lan cable is directly connected to Transparent firewall interface (outside/wan side).

Transparent firewall interface (inside/lan side) is connected to L3 switch.

Backup line lan interface is connected to L3switch.

L3 switch default gateway is ISP router lan interface ip address.

All client pc`s default gateway is L# switch.

So when the main ISP line (wan) goes down, ISP router re-routes to backup line, as the application packets from client pc passes thru transparent firewall and ISP router forwards it to backup router.

But in transparent firewall, the sessions are already there and when the same packet enters the transparent firewall from wan side interface, I think it drops/blocks the packets.

Is it correct?

How to rectify this problem?

Is it OK if the backup router lan interface is shifted in-between to ISP router and transparent firewall, connecting all the three with a hub?

Thank you.

attached diagram "bcakupline with hub"

Is it OK if the backup router lan interface is shifted in-between to ISP router and transparent firewall, connecting all the three with a hub?

Will the problem be solved with this setup?

Any suggestions please ...