https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786930#M1032766 <P>Managing the ASA and SourceFire is usually done by the dedicated management ports. &nbsp;As such, you can configure the management port with an IP address belonging to any subnet you choose. &nbsp;Note that SourceFire needs to be able to download information from the Internet.</P> Mon, 04 Jan 2016 18:38:43 GMT Philip D'Ath 2016-01-04T18:38:43Z https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786927#M1032760 <P>Hello guys i am doing sourcefire POC can anyone please guide me on the following</P> <P></P> <P>I have 5585 with source fire hardware module</P> <P></P> <P>Below is the topology after putting ASA 5585 {as of now there is no asa In between}</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/pimgpsh_fullsize_distr.jpg" class="migrated-markup-image" /></P> <P></P> <P>Here is the configuration&nbsp;</P> <P></P> <P>Core-1:<BR />interface GigabitEthernet1/3<BR />description Link to s-rl-ns-dat-1 <BR />ip address 10.200.0.1 255.255.255.252<BR />ip flow egress<BR />ip policy route-map _CO_INET<BR />ip ospf network point-to-point<BR />end</P> <P>CORE-2:<BR />interface GigabitEthernet1/5<BR />description Link to s-rl-ns-dat-2 <BR />ip address 10.200.0.69 255.255.255.252<BR />ip policy route-map _CO_INET<BR />ip ospf network point-to-point<BR />wrr-queue cos-map 2 2 3 6 7 <BR /> wrr-queue cos-map 3 1 4 <BR /> snmp ifindex persist<BR />end</P> <P>DAT-1:<BR />interface GigabitEthernet1/1/7<BR />description * Link to s-rl-ns-cor-1 <BR />no switchport<BR />ip address 10.200.0.2 255.255.255.252<BR />ip ospf network point-to-point<BR />ip ospf cost 5<BR />mls qos trust dscp<BR />end</P> <P>DAT-2:<BR />interface GigabitEthernet2/1/7<BR />description * Link to s-rl-ns-cor-2<BR />no switchport<BR />ip address 10.200.0.70 255.255.255.252<BR />ip policy route-map _CO_INET<BR />ip ospf network point-to-point<BR />mls qos trust dscp<BR />end</P> <P></P> <P></P> <P></P> <P>Can you please give me Idea how can i configure ASA 5585 in transparent mode</P> Tue, 12 Mar 2019 12:51:30 GMT https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786927#M1032760 Nishad Dadhaniya 2019-03-12T12:51:30Z https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786928#M1032762 <P>Put the ASA in transparent mode first:</P> <P><A href="http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/97853-Transparent-firewall.html">http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/97853-Transparent-firewall.html</A></P> <P></P> <P>Then configure SourceFire as normal.</P> Mon, 04 Jan 2016 13:33:07 GMT https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786928#M1032762 Philip D'Ath 2016-01-04T13:33:07Z https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786929#M1032764 <P>That i understood , I have couple of doubts</P> <P>1) we need to require BVI ?&nbsp;<BR />2) <SPAN>The management IP address must be on the same subnet as the connected network. ? as we have /30 its not possible&nbsp;<BR /><BR /></SPAN>what i am thinking is dis1 is inside 1 and dis2 is inside2 , core1 is outside1 and core2 is outside2</P> <P>and management IP which also is in same subnet as firepower hdw module but as management subnet is different then connected data network how can we achieve this ?&nbsp;</P> Mon, 04 Jan 2016 18:18:26 GMT https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786929#M1032764 Nishad Dadhaniya 2016-01-04T18:18:26Z https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786930#M1032766 <P>Managing the ASA and SourceFire is usually done by the dedicated management ports. &nbsp;As such, you can configure the management port with an IP address belonging to any subnet you choose. &nbsp;Note that SourceFire needs to be able to download information from the Internet.</P> Mon, 04 Jan 2016 18:38:43 GMT https://community.cisco.com/t5/network-security/sourcefire-poc/m-p/2786930#M1032766 Philip D'Ath 2016-01-04T18:38:43Z