Solved: A bump in the wire??

ohforce55 · ‎07-05-2017

Hi,

I have been researching about what 'a bump in the wire' means in ASA but can't really understand what it is.

Can you please explain about it in easy way?

Thanks!

Francesco Molino · ‎07-05-2017

Hi

When we say ASA Bump in the Wire, it means you configure the ASA as transparent firewall. It's also called "stealth firewall"

This is when you insert your ASA in between your ISP router and Core switch for example but it's not seen as an extra hop device in terms of packet forwarding.

does that clarify a bit?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎07-05-2017

You're welcome.

Having asa in transparent means instead of having a direct cable from your core and SP router, you insert in between this asa that will handle traffic security (filtering) but not managing your routes. You won't need to modify your routing or any L3 services. It seats there just to secure your traffic if I can say it very simply.

We call this design inline firewall.

Here some Cisco docs to help you understanding a bit more the design/concept:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/intro_fw.html#47162

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/interface_complete_transparent.html

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎07-05-2017

Hi

When we say ASA Bump in the Wire, it means you configure the ASA as transparent firewall. It's also called "stealth firewall"

This is when you insert your ASA in between your ISP router and Core switch for example but it's not seen as an extra hop device in terms of packet forwarding.

does that clarify a bit?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

ohforce55 · ‎07-05-2017

Thank you!

I have another question. The transparent firewall is working in the same network correct?

What's the point of using transparent firewall if it's in the same network?

How can it be used between ISP router and Core switch?

Francesco Molino · ‎07-05-2017

You're welcome.

Having asa in transparent means instead of having a direct cable from your core and SP router, you insert in between this asa that will handle traffic security (filtering) but not managing your routes. You won't need to modify your routing or any L3 services. It seats there just to secure your traffic if I can say it very simply.

We call this design inline firewall.

Here some Cisco docs to help you understanding a bit more the design/concept:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/intro_fw.html#47162

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/interface_complete_transparent.html

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

ohforce55 · ‎07-05-2017

Thank you so much!

You are so good at explaining! :)