https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980232#M939852 <HTML><HEAD></HEAD><BODY><P>ASA/PIX when in transparent mode works like a bridge. You can use max. 2 interfaces and these two interfaces need to be part of specific VLANs. It looks like you are connecting these inerfaces to trunk ports carrying multiple VLANs, this will not work. I'm not sure whats your network topology, hence cant suggest if routed mode would be a good option for you. Could you please elaborate more on the network design?</P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Thu, 10 Apr 2008 17:53:00 GMT vitripat 2008-04-10T17:53:00Z https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980229#M939842 <P>Is there any problem putting an ASA/PIX in transparent mode on an 802.11Q trunk link? I have an internet router that will do NAT to three VLANS and I want to send that trunk through a transparent ASA-5510 for inspection and then onto the trunk port on an internal router. Any problems with this scenario? Or will I have to let the ASA do the NAT and operate in routed mode?</P> Mon, 11 Mar 2019 12:26:29 GMT https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980229#M939842 ssewallatrc 2019-03-11T12:26:29Z https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980230#M939844 <HTML><HEAD></HEAD><BODY><P>The PIX must be configured for 802.1Q encapsulation. In PIX 6.3 a new feature is added, where PIX can create logical interfaces. Each logical interface corresponds to a VLAN in the switch. Refer to Using VLANs with the Firewall for more information.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113411" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/bafwcfg.html#wp1113411</A></P></BODY></HTML> Wed, 09 Apr 2008 12:27:18 GMT https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980230#M939844 vkapoor5 2008-04-09T12:27:18Z https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980231#M939848 <HTML><HEAD></HEAD><BODY><P>i'm not sure what you're trying to do, but a firewall is either in transparent mode or routed mode. You can't specify vlans or subinterfaces only.</P><P>You can only use two interfaces (plus a mgmt interface) in transparent mode.</P><P>see the guidelines here:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwmode.html#wp1202704" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/fwmode.html#wp1202704</A></P></BODY></HTML> Thu, 10 Apr 2008 13:26:55 GMT https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980231#M939848 srue 2008-04-10T13:26:55Z https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980232#M939852 <HTML><HEAD></HEAD><BODY><P>ASA/PIX when in transparent mode works like a bridge. You can use max. 2 interfaces and these two interfaces need to be part of specific VLANs. It looks like you are connecting these inerfaces to trunk ports carrying multiple VLANs, this will not work. I'm not sure whats your network topology, hence cant suggest if routed mode would be a good option for you. Could you please elaborate more on the network design?</P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Thu, 10 Apr 2008 17:53:00 GMT https://community.cisco.com/t5/network-security/pix-asa-vlans-in-transparent-mode/m-p/980232#M939852 vitripat 2008-04-10T17:53:00Z