topic Can you post your working in Network Security

asa transparent multiple subnets

cisco8887 — Wed, 13 Mar 2019 01:08:39 GMT

Hi All,

If you want to configure a firewall as transparent, you need to have an ip per subnet between the networks it is serving , correct ? if so why this is needed? Arp requests from asa?

if you have multiple subnets through the asa, do you do trunking as follow

inside hosts have the following subnet : 10.0.0.0/24 and 10.0.1.0/24

the router has the following ip: 10.0.0.1 and 10.0.1.1

would the firewall config be something like

interface gig 0

no shut

interface gig0.10

encapsulation dot1 10

nameif inside1

bridge-group-10

no shut

interface gig0.20

encapsulation dot1 20

nameif inside2

bridge-group-20

no shut

interface gig 1

no shut

interface gig1.10

encapsulation dot1 10

nameif outside1

bridge-group-10

no shut

interface gig1.20

encapsulation dot1 20

nameif outside2

bridge-group-20

no shut

int bvi 10

ip address 10.0.0.2

int bvi 20

ip address 10.0.1.2

and then trunking on switch side (hosts) and router on stick on router side?

many thanks

Found my answer and here it

cisco8887 — Wed, 23 Sep 2015 07:34:00 GMT

Found my answer and here it is for anyone wanting to do it in future

interface gig 0

no shut

interface gig0.10

encapsulation dot1 10

nameif inside1

bridge-group-10

no shut

interface gig0.20

encapsulation dot1 20

nameif inside2

bridge-group-20

no shut

interface gig 1

no shut

interface gig1.10

encapsulation dot1 11

nameif outside1

bridge-group-10

no shut

interface gig1.20

encapsulation dot1 21

nameif outside2

bridge-group-20

no shut

int bvi 10

ip address 10.0.0.2

int bvi 20

ip address 10.0.1.2

you need to setup up one side of the trunk to use 10 and 20 and other side to use 11 and 21

10 is bridged to 20

11 is bridged to 21

hope this helps anyone with the same problem .

Can you post your working

tlienskt — Thu, 19 Nov 2015 15:54:21 GMT

Can you post your working config? I have been trying to set this up no have no luck with. Trying to pass 3 vlans through. I'm showing link lights but no traffic passing or even hitting the ASA.

3750 - ASA5510 -3650

dot1q dot1q trunk

Can you post your working

tlienskt — Thu, 19 Nov 2015 15:55:33 GMT

Hi There,

cisco8887 — Sun, 22 Nov 2015 19:32:56 GMT

Hi There,

I did it in a lab environment so don't have the configuration.

Your setup will need to be one side receiving one vlan and the other leaving in another vlan as per my earlier post

for instance to pass traffic between two vlans on same subnet using transparent mode, here is what you do

setup 0.10 and the switch side of it as passing vlan 10

setup 1.10 and the switch swide of it as passing vlan 11

bridge 0.10 and 1.10 together using bridge group x for instance 10

that should pass all traffic through

make sure you have nameif on each interface such as 0.10 and 1.10