
ASA 5505 Transparent Firewall Configuration How To

kmmehlkmmehl
Level 1

Hi Guys!

I am stuck. I want to configure an ASA 5505 in transparent mode (7.x). Somehow I got it to work, but I need some kind of step-by-step description. I just want to connect it with outside on a route .. inside in my LAN. It's working now with one ASA; I have no idea why. But in the web interface the interfaces inside and outside are down, yet it's working.

So what's the correct way of configuring it (from scratch)?

THANKS

marco

5 Replies

a.alekseev
Level 7

show configuration.

Hi,

Here is a lab config :

router
172.150.150.1
      |
      |
     PIX <---- 172.150.150.2
      |
      |
172.150.150.3
inside router

pixfirewall(config)# sh run
: Saved
:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 nameif inside
 security-level 100
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
!
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
ftp mode passive
access-list outside_in extended permit icmp any any
access-list outside_in extended permit tcp any host 172.150.150.3 eq telnet
no pager
logging console debugging
ip address 172.150.150.2 255.255.255.0
no failover
monitor-interface outside
monitor-interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 172.150.150.1 1

Hi,

Thanks.

What about the VLANs? I tried this but then it says I need to have VLANs configured... I can't see that in your config! (inside / outside)

firewall transparent
!
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Ethernet0/0
 switchport access vlan 2
 no sh
!
interface Ethernet0/1
 no sh
!
interface Ethernet0/2
 no sh
!
interface Ethernet0/3
 no sh
!
interface Ethernet0/4
 no sh
!
interface Ethernet0/5
 no sh
!
interface Ethernet0/6
 no sh
!
interface Ethernet0/7
 no sh
!
! you can permit whatever you want here
access-list OUTSIDE-IN permit ip any any
access-group OUTSIDE-IN in int outside

E0/0 - connected to the router
E0/1-7 - connected to your LAN
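A small offline check for a config laid out like the one above, added here as an example and not part of the reply or of any Cisco tool: it maps each 5505 switch port to its named VLAN (ports with no `switchport access vlan` line stay in VLAN 1) and flags a `permit ip any any` rule bound to an interface. The `audit` function and the sample config are constructed for illustration.

```python
import re

# Constructed sample in the style of the ASA 5505 config posted in this thread.
SAMPLE = """\
firewall transparent
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 no shutdown
access-list OUTSIDE-IN permit ip any any
access-group OUTSIDE-IN in interface outside
"""

def audit(config):
    """Return ({switch port: zone name}, [findings]) for a 5505-style config."""
    zones, ports, acls, bound = {}, {}, {}, {}
    kind = ident = None          # interface block currently being read
    transparent = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "firewall transparent":
            transparent = True
        elif m := re.match(r"interface (Vlan|Ethernet)(\S+)$", line, re.I):
            kind, ident = m.group(1).lower(), m.group(2)
            if kind == "ethernet":
                ports[ident] = "1"   # 5505 switch ports default to VLAN 1
        elif kind == "vlan" and (m := re.match(r"nameif (\S+)", line)):
            zones[ident] = m.group(1)
        elif kind == "ethernet" and (m := re.match(r"switchport access vlan (\d+)", line)):
            ports[ident] = m.group(1)
        elif m := re.match(r"access-list (\S+) (?:extended )?(permit .+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"access-group (\S+) in int\S* (\S+)", line):
            bound[m.group(2)] = m.group(1)   # zone -> ACL applied inbound
    port_zone = {p: zones.get(v, "unnamed") for p, v in ports.items()}
    findings = []
    if not transparent:
        findings.append("'firewall transparent' not present: unit is in routed mode")
    for zone, name in bound.items():
        for rule in acls.get(name, []):
            if re.match(r"permit ip any any\b", rule):
                findings.append(f"{name} on {zone}: '{rule}' passes all IP traffic inbound")
    return port_zone, findings
```

Running `audit(SAMPLE)` reports Ethernet0/0 in the outside zone, Ethernet0/1 in the inside zone, and one finding for the any-any rule on the outside interface.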

Hi, I need help configuring a transparent firewall in my network.

Setup:

Router
   |
  ASA
   |
Switch

My question is:

In my original setup I don't have any ASA. Now we would like to insert an ASA in the middle.

We have subinterfaces on the router for different VLANs. Now, when I configure VLANs on the ASA for inside and outside and assign them to Ethernet interfaces, will the ASA allow traffic that is on different VLANs?

---------------------------------------

Should I configure the interface connected to the router as a trunk, or will this work?

My router has the below interfaces

EEIPL-RTR-1#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
FastEthernet0/0.242        10.28.242.1     YES NVRAM  up                    up
FastEthernet0/0.243        10.28.243.1     YES NVRAM  up                    up
FastEthernet0/0.244        10.28.244.1     YES NVRAM  up                    up
FastEthernet0/0.245        10.28.245.1     YES NVRAM  up                    up
FastEthernet0/0.246        10.28.246.1     YES NVRAM  up                    up

Will my basic ASA transparent firewall config allow the traffic?

ASA config:

interface vlan 1
 nameif inside
interface vlan 2
 nameif outside
interface eth0/0
 switchport access vlan 1
interface eth0/1
 switchport access vlan 2

------------------------------------------------

Please do reply ASAP.
