Re: asa 5506-x transparent mode with cisco 2901 vlan subinterface

zeuscyril · ‎01-17-2018

hi all,

i have one cisco 5506-x purchased with firepower and i want to introduce to my network without any changes. i have cisco 2901 router with 2 vlans sub interfaces in dot1q interfaces. now i want to connect asa as transparent mode. my question is will the asa pass both the vlans or not. if yes how we can achieve that because in transparent mode i can assign only one IP to the ASA.

thanks

cyril

Dennis Mink · ‎01-17-2018

you might want to check this post https://supportforums.cisco.com/t5/firewalling/cisco-asa-55xx-transparent-mode-vlan-traversing/td-p/2528610

Please remember to rate useful posts, by clicking on the stars below.

Richard Burts · ‎01-17-2018

The original poster asks how to implement ASA in transparent mode when there are two vlans and he has only a single IP address. This implies that he believes that he will configure an interface for each vlan and assign an IP address to each interface. But that is not the case. In transparent mode the IP address is used only for management traffic and does not have any role about inspecting traffic.

HTH

Rick

HTH

Rick

zeuscyril · ‎01-21-2018

hi Richard,
it means i can connect the cable from router lan to asa wan and from asa lan to switch so the traffic all untagged and tagged traffic will pass through the firewall. so the ip which assigned in the firewall only do management job.
thanks
cyril

Richard Burts · ‎01-22-2018

Cyril

Yes the router interface connects to ASA interface, other ASA interface connects to switch when ASA is configured for transparent mode. All traffic, tagged and untagged, passes through the ASA and is inspected. The IP address on the ASA is used only for management to and from the ASA.

HTH

Rick

HTH

Rick