https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753149#M177799 <P>When you say "redirect", what do you mean? Do you want to use the ASA as your client gateway? What role do you want the ASAs to perform? Do you want specific access policies for each VLAN? Please explain?</P> Wed, 14 Oct 2015 04:27:35 GMT Andre Neethling 2015-10-14T04:27:35Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753144#M177782 <P>Hi everyone,</P><P>I have two firewall ASA 5585X deployed in transparent mode and two catalyst 6500 VSS (core switches). I want to redirect traffic from core switches to&nbsp;&nbsp;ASA. How can i do ? I have many VLANs on core switches. Thank you./.</P> Tue, 12 Mar 2019 06:44:17 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753144#M177782 tran.van.tien 2019-03-12T06:44:17Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753145#M177785 <P>a có biết NAT DNS trên ASA&nbsp;ko ạ???&nbsp;</P> Tue, 13 Oct 2015 08:23:20 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753145#M177785 pokemon284 2015-10-13T08:23:20Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753146#M177788 <P>Hi Tran,</P><P>In transparent mode of Firewall, you needs to create bridge groups to the vlans at both (in/out) side of firewall.</P><P>Example: Configuration on Inside/outside interfaces:</P><P>interface TenGigabitEthernet0/6</P><P>&nbsp;&nbsp;&nbsp; vlan 20<BR />&nbsp;&nbsp;&nbsp; nameif inside<BR />&nbsp;&nbsp;&nbsp; bridge-group 1<BR />&nbsp;&nbsp;&nbsp; security-level 100</P><P>interface TenGigabitEthernet0/7</P><P>&nbsp;&nbsp;&nbsp; vlan&nbsp;30<BR />&nbsp;&nbsp;&nbsp; nameif&nbsp;outside<BR />&nbsp;&nbsp;&nbsp; bridge-group 1<BR />&nbsp;&nbsp;&nbsp; security-level 0</P><P>Now please configure "BVI" interface with one IP from the same IP Subnet for which you want to pass traffic through firewall:</P><P><BR />interface BVI1</P><P>ip address 192.168.10.9&nbsp;255.255.255.0 standby 192.168.10.10&nbsp; (any free IP can be assigned from subnet)</P><P>Now, please allow interested traffic on ouside Interface via access-list. This will&nbsp;redirect traffic through transparent firewall.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 13 Oct 2015 18:50:05 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753146#M177788 Rajneesh Dhiman 2015-10-13T18:50:05Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753147#M177791 <P>Thank you for your answer,</P><P>Let i show you a picture that describes my problem. I have core switches with many VLANs (10,20,30 for example) and i have just purchased 2 ASA 5585X witch 2 port 10Gb. I will connect it to core switches by using trunk links. I want to know how to redirect traffic to ASA with 2 ports and many VLANS. With the solution you suggest&nbsp;i must have many&nbsp;ports <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 13 Oct 2015 19:33:42 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753147#M177791 tran.van.tien 2015-10-13T19:33:42Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753148#M177793 <P>Hi Tran,</P><P>You needs to create&nbsp;multiple virtual interfaces for inside/outisde&nbsp;vlans.</P><P>Dont make both port as&nbsp;single trunk.&nbsp;You&nbsp;should&nbsp;use dedicate ports for incoming and outgoing traffic. below is example how you can permit multiple vlans&nbsp;using 2 ports. Attaching design for your reference:</P><P>&nbsp;</P><P>Config Example:</P><P><STRONG>Inside Interfaces for all required Vlans</STRONG> (10,20,30...)</P><P><STRONG>Note: </STRONG>These Vlans(10,20,30...) should be configure as L2 inside vlans for host connectivity.</P><P>interface TenGigabitEthernet0/0<BR />&nbsp;no nameif<BR />&nbsp;no security-level</P><P>interface TenGigabitEthernet0/0.10<BR />&nbsp;vlan 10<BR />&nbsp;nameif inside1<BR />&nbsp;bridge-group 1<BR />&nbsp;security-level xx</P><P>interface TenGigabitEthernet0/0.20<BR />&nbsp;vlan 20<BR />&nbsp;nameif inside2<BR />&nbsp;bridge-group 2<BR />&nbsp;security-level xx</P><P>interface TenGigabitEthernet0/0.30<BR />&nbsp;vlan 30<BR />&nbsp;nameif inside3<BR />&nbsp;bridge-group 3<BR />&nbsp;security-level xx</P><P><STRONG>Outside&nbsp;Interfaces for all required Vlans</STRONG> (100,200,300...)</P><P><STRONG>note:</STRONG>These<STRONG> outside </STRONG>Vlans<STRONG> </STRONG>(100,200,300...) will be configured with L3 SVI on Core Switch</P><P>interface TenGigabitEthernet0/1<BR />&nbsp;no nameif<BR />&nbsp;no security-level</P><P><BR />interface TenGigabitEthernet0/1.100<BR />&nbsp;vlan 100<BR />&nbsp;nameif outside1<BR />&nbsp;bridge-group 1<BR />&nbsp;security-level xx</P><P>interface TenGigabitEthernet0/1.200<BR />&nbsp;vlan 200<BR />&nbsp;nameif outside2<BR />&nbsp;bridge-group 2<BR />&nbsp;security-level xx</P><P>interface TenGigabitEthernet0/1.300<BR />&nbsp;vlan 300<BR />&nbsp;nameif outside3<BR />&nbsp;bridge-group 3<BR />&nbsp;security-level xx</P><P>BVI Interface config for all the allowed Vlans (100,200,300)</P><P><BR />interface BVI1<BR />&nbsp;ip address 192.168.10.9 255.255.255.0 standby 192.168.10.10</P><P>interface BVI2<BR />&nbsp;ip address 192.168.20.9 255.255.255.0 standby 192.168.20.10</P><P>interface BVI3<BR />&nbsp;ip address 192.168.30.9 255.255.255.0 standby 192.168.30.10</P><P>&nbsp;</P><P>Thanks</P><P>Rajneesh</P> Wed, 14 Oct 2015 04:12:46 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753148#M177793 Rajneesh Dhiman 2015-10-14T04:12:46Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753149#M177799 <P>When you say "redirect", what do you mean? Do you want to use the ASA as your client gateway? What role do you want the ASAs to perform? Do you want specific access policies for each VLAN? Please explain?</P> Wed, 14 Oct 2015 04:27:35 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753149#M177799 Andre Neethling 2015-10-14T04:27:35Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753150#M177800 <P>Thank you Rajneesh!</P> Wed, 14 Oct 2015 14:45:00 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753150#M177800 tran.van.tien 2015-10-14T14:45:00Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753151#M177801 <P>Hi Tran Van,</P><P>I have the same configurations but I can't &nbsp;to do PING between &nbsp;different Vlans &nbsp;only can to do PING between the same network or the same vlan.</P><P>Regards,</P> Mon, 19 Oct 2015 19:06:13 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753151#M177801 JRGC 2015-10-19T19:06:13Z https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753152#M177802 <P>Hi jrgonzalezz,</P><P>Please check your core switches&nbsp;because it performs routing <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Tue, 20 Oct 2015 08:09:07 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-traffic-redirection/m-p/2753152#M177802 tran.van.tien 2015-10-20T08:09:07Z