cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3528
Views
5
Helpful
4
Replies

Deploy ASA 55xx in transparent - one arm mode?

hiepnguyenho
Level 1
Level 1

Hello everyone,

I am planning to deploy ASA 5580 in one arm mode for Data Center. The question is, if I use C6509 with FWSM, I can deploy the firewall in transparent & one arm mode with bridge-group on FWSM. But I have 5580 appliance, if I deploy ASA 5580 in transparent mode with 2 sub-interfaces (RED VLAN and GREEN VLAN) assigned to it, can my traffic flow like in below figure?

In Data Center, I just want to force some VLANs move through firewall, some bypass, and I dont want to deploy ASA in routed mode. So, please help me to figure it out. Thank you very much.

Regards,

Hiep Nguyen.

Drawing1.vsd.jpg

4 Replies 4

Rick Arps
Level 4
Level 4

I don't see any issues with this setup.  The 5580 should see the subinterfaces just as it would seperate physical interfaces.

You've probably got a few physical ports on the 5580.  You might want to consider setting up lacp to the firewll to get some interface redundancy and additional throughput.

hth,

Rick

Yes, thanks a lot Rick.

One better thing of FWSM is in transparent mode, it support bridge-group, that can support 8 pairs of interfaces. For ASA Appliance, it support only 1 pair of interfaces for one-context. So if I have to deploy many server subnets, I have to make ASA context.With 3 default context, I can not scale up my network with this design.

Thank you for your support.

Regards,

Hiep Nguyen.

Starting with 8.4 you can deploy bridge groups with 4 max interfaces.

Hi Mohammed,

Yey, great news. Thank you for your information.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: