https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712472#M557191 <HTML><HEAD></HEAD><BODY><P>The answer is that it depends on the type of traffic.You will need an ACL or enable application inspection for <SPAN class="content">applications that embed IP addressing&nbsp; information in the user data packet or open secondary channels on&nbsp; dynamically assigned ports.</SPAN></P><P></P><P><SPAN class="content">See below a configuration example for TFTP and FTP.<BR /></SPAN></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml</A></P><P></P><P>See also a configuration guide for application inspection for version 8.2</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html</A></P><P></P><P>Thanks for the rating.</P></BODY></HTML> Mon, 25 Apr 2011 13:20:21 GMT sean_evershed 2011-04-25T13:20:21Z https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712469#M557188 <P>Hi all,</P><P>I am new to ASA, and I need some help in configuring ASA in transparent mode :</P><P>this is what I've done so far:</P><P></P><P>conifgured tow interfaces as inside and outside, configured global IP address from the same subnet , configured default route</P><P>I read that by default traffic from higher security level interface to lower security level interface is allowed by default, so I did't cofigure access list for this traffic, but I can't ping anything from the inside lan to the outside. so do I need to configure access list for the icmp and other traffic? what other things should I bay attention too in Transparent mode other that it doesn't support dynamic routing?</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 20:25:09 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712469#M557188 mhcnetadmin 2019-03-11T20:25:09Z https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712470#M557189 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>To allow ping through your firewall you will need to configure ICMP inspection or an access-list. See below:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml</A></P><P></P><P>See below a configuration guide for transparent firewalls. It doesn't support QoS either for example.</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml</A></P><P></P><P>Please remember to rate all posts that are helpful.</P></BODY></HTML> Mon, 25 Apr 2011 11:35:20 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712470#M557189 sean_evershed 2011-04-25T11:35:20Z https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712471#M557190 <HTML><HEAD></HEAD><BODY><P>Ahhhhhhhhhhhh,&nbsp; thanks alot, but other traffic is permitted in Transparent mode without access list right??</P></BODY></HTML> Mon, 25 Apr 2011 12:39:34 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712471#M557190 mhcnetadmin 2011-04-25T12:39:34Z https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712472#M557191 <HTML><HEAD></HEAD><BODY><P>The answer is that it depends on the type of traffic.You will need an ACL or enable application inspection for <SPAN class="content">applications that embed IP addressing&nbsp; information in the user data packet or open secondary channels on&nbsp; dynamically assigned ports.</SPAN></P><P></P><P><SPAN class="content">See below a configuration example for TFTP and FTP.<BR /></SPAN></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml</A></P><P></P><P>See also a configuration guide for application inspection for version 8.2</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html</A></P><P></P><P>Thanks for the rating.</P></BODY></HTML> Mon, 25 Apr 2011 13:20:21 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712472#M557191 sean_evershed 2011-04-25T13:20:21Z https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712473#M557192 <HTML><HEAD></HEAD><BODY><P>Thanks</P><P></P><P>I will try it tomorrow.</P></BODY></HTML> Mon, 25 Apr 2011 13:33:50 GMT https://community.cisco.com/t5/network-security/asa-transparent-mode-configuration/m-p/1712473#M557192 mhcnetadmin 2011-04-25T13:33:50Z