Deploy ASA 55xx in transparent - one arm mode?

hiepnguyenho · ‎10-17-2011

Hello everyone,

I am planning to deploy ASA 5580 in one arm mode for Data Center. The question is, if I use C6509 with FWSM, I can deploy the firewall in transparent & one arm mode with bridge-group on FWSM. But I have 5580 appliance, if I deploy ASA 5580 in transparent mode with 2 sub-interfaces (RED VLAN and GREEN VLAN) assigned to it, can my traffic flow like in below figure?

In Data Center, I just want to force some VLANs move through firewall, some bypass, and I dont want to deploy ASA in routed mode. So, please help me to figure it out. Thank you very much.

Regards,

Hiep Nguyen.

Rick Arps · ‎10-18-2011

I don't see any issues with this setup. The 5580 should see the subinterfaces just as it would seperate physical interfaces.

You've probably got a few physical ports on the 5580. You might want to consider setting up lacp to the firewll to get some interface redundancy and additional throughput.

hth,

Rick

hiepnguyenho · ‎10-18-2011

Yes, thanks a lot Rick.

One better thing of FWSM is in transparent mode, it support bridge-group, that can support 8 pairs of interfaces. For ASA Appliance, it support only 1 pair of interfaces for one-context. So if I have to deploy many server subnets, I have to make ASA context.With 3 default context, I can not scale up my network with this design.

Thank you for your support.

Regards,

Hiep Nguyen.

Mohammed Islam · ‎11-11-2011

Starting with 8.4 you can deploy bridge groups with 4 max interfaces.

hiepnguyenho · ‎11-13-2011

Hi Mohammed,

Yey, great news. Thank you for your information.