09-12-2007 08:12 PM - edited 03-11-2019 04:10 AM
Hi Guys!
I am stuck. I want to configure an ASA 5505 in transparent mode (7.x). Somehow I got it to work, but I need some kind of step-by-step description. I just want to connect it with outside on a route .. inside in my LAN. It's working now with one ASA; I have no idea why. But in the web interface the interfaces inside and outside are down, yet it's working.
So what's the correct way of configuring it (from scratch)?
THANKS
marco
09-13-2007 01:10 AM
show configuration.
09-13-2007 01:16 AM
Hi,
Here is a lab config :
router
172.150.150.1
|
|
|
|
PIX <---- 172.150.150.2
|
|
|
|
172.150.150.3
inside router
pixfirewall(config)# sh run
: Saved
:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
nameif outside
security-level 0
!
interface Ethernet1
nameif inside
security-level 100
!
interface Ethernet2
shutdown
no nameif
no security-level
!
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
ftp mode passive
access-list outside_in extended permit icmp any any
access-list outside_in extended permit tcp any host 172.150.150.3 eq telnet
no pager
logging console debugging
ip address 172.150.150.2 255.255.255.0
no failover
monitor-interface outside
monitor-interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 172.150.150.1 1
09-14-2007 11:20 PM
hi
thanks
What about the VLANs? I tried this, but then it says I need to have VLANs configured... I can't see that in your config! (inside / outside)
09-15-2007 02:50 AM
firewall transparent
!
interface Vlan1
nameif inside
security-level 100
!
interface Vlan2
nameif outside
security-level 0
!
interface Ethernet0/0
switchport access vlan 2
no sh
!
interface Ethernet0/1
no sh
!
interface Ethernet0/2
no sh
!
interface Ethernet0/3
no sh
!
interface Ethernet0/4
no sh
!
interface Ethernet0/5
no sh
!
interface Ethernet0/6
no sh
!
interface Ethernet0/7
no sh
!
! you can permit whatever you want
access-list OUTSIDE-IN permit ip any any
access-group OUTSIDE-IN in int outside
E0/0 - connected to the router
E0/1-7 - connected to your LAN
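An added example, not part of the reply above or of any Cisco tool: a small Python check that reads a transparent-mode running config like the two posted in this thread and reports a missing `firewall transparent` line, a missing global `ip address` (Cisco's 7.x documentation requires a management address in transparent mode), and an ACL on the lowest-security interface that permits `ip any any` or telnet. `audit` and `SAMPLE` are hypothetical names, and the sample config is constructed from the reply's lines.

```python
import re

# Constructed sample: interface and ACL lines taken from the reply above.
SAMPLE = """\
firewall transparent
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
access-list OUTSIDE-IN permit ip any any
access-group OUTSIDE-IN in interface outside
"""

def audit(config):
    """Return findings for a transparent-mode PIX/ASA 7.x running config."""
    levels, acls, bound, name = {}, {}, {}, None
    mode = mgmt_ip = False
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            name = None                       # new interface stanza
        elif line == "firewall transparent":
            mode = True
        elif m := re.match(r"nameif (\S+)$", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)$", line)) and name:
            levels[name] = int(m.group(1))
        elif re.match(r"ip address \d", line):
            mgmt_ip = True                    # assumption: 7.x uses one global address
        elif m := re.match(r"access-list (\S+) (?:extended )?permit (.+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"access-group (\S+) in int\w* (\S+)", line):
            bound[m.group(2)] = m.group(1)    # interface name -> ACL name
    findings = []
    if not mode:
        findings.append("not in transparent mode")
    if not mgmt_ip:
        findings.append("no global management IP address")
    if levels:
        outside = min(levels, key=levels.get)  # least-trusted interface
        for rule in acls.get(bound.get(outside), []):
            if rule.startswith("ip any any"):
                findings.append(f"{outside}: ACL {bound[outside]} permits ip any any")
            elif rule.endswith(("eq telnet", "eq 23")):
                findings.append(f"{outside}: ACL {bound[outside]} permits telnet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
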
11-06-2012 02:15 PM
Hi, I need help configuring a transparent firewall in my network.
Setup:
Router
|
ASA
|
Switch
My question is:
In my original setup I don't have any ASA. Now we would like to insert an ASA in the middle.
We have subinterfaces on the router for different VLANs. Now when I configure VLANs on the ASA for inside and outside and assign them to Ethernet interfaces, will the ASA allow traffic that belongs to different VLANs?
---------------------------------------
Should I assign the interface connected to the router as a trunk, or will this work?
My router has the below interfaces
EEIPL-RTR-1#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/0.242 10.28.242.1 YES NVRAM up up
FastEthernet0/0.243 10.28.243.1 YES NVRAM up up
FastEthernet0/0.244 10.28.244.1 YES NVRAM up up
FastEthernet0/0.245 10.28.245.1 YES NVRAM up up
FastEthernet0/0.246 10.28.246.1 YES NVRAM up up
Will my basic ASA transparent firewall config allow the traffic?
ASA config:
interface vlan 1
nameif inside
interface vlan 2
nameif outside
interface eth0/0
switchport access vlan 1
interface eth0/1
switchport access vlan 2
------------------------------------------------
Please do reply ASAP.