02-06-2024 04:33 PM
I have an ASA5506-X running 9.16.4.
Gi1/1 will be used as the outside interface.
Gi1/2 & Gi1/3 will be members of bridge group 1.
Interface BVI1 will be used as the inside interface.
Does the following interface config look OK?
Do I need to configure a security level for the member interfaces (Gi1/2 & Gi1/3)?
!
interface GigabitEthernet1/1
 nameif outside
 security-level 100
 ip address 10.10.10.1 255.255.255.252
!
interface GigabitEthernet1/2
 description MEMBER-BVI-INSIDE
 bridge-group 1
 no nameif
 no security-level
!
interface GigabitEthernet1/3
 description MEMBER-BVI-INSIDE
 bridge-group 1
 no nameif
 no security-level
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 security-level 100
 no ip address
!
interface BVI1
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.255
!
02-07-2024 01:09 PM
What is the ASA mode? Is it router mode or transparent mode?
MHM
02-08-2024 09:23 AM
The firewall is in routed mode. There is no NATting involved. Packets will be forwarded between the inside/outside interfaces without NATting. Both inside and outside will be using the same security level; access lists will be used on both interfaces to police the traffic.
02-08-2024 09:43 AM
According to this guide, in router mode the BVI needs a nameif and security level (you have already configured them).
So the BVI needs a nameif and security level for traffic to pass from the BVI (itself) toward the outside.
The members of the BVI do not need an IP, but they need a nameif and security level to pass traffic between these interfaces and the outside, or between each other.
MHM
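The check described in the reply above, as an added example that is not part of the thread: a small Python linter that flags bridge-group member interfaces left without a nameif or security-level. The sample config is constructed from the one in the question, and the inside_2 name on Gi1/3 is a hypothetical value added for contrast.

```python
import re

# Constructed sample modelled on the question; "inside_2" is hypothetical.
SAMPLE = """\
interface GigabitEthernet1/2
 bridge-group 1
 no nameif
 no security-level
!
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside_2
 security-level 100
!
interface BVI1
 nameif inside
 security-level 100
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from ASA-style config text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif not line or line == "!":
            current = None          # "!" or a blank line ends the stanza
        elif current is not None:
            current.append(line)
    return interfaces

def lint_bridge_members(config):
    """List (interface, missing setting) for every bridge-group member."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if not any(re.match(r"bridge-group \d+$", c) for c in cmds):
            continue                # not a member (e.g. outside, BVI1)
        for setting in ("nameif", "security-level"):
            # "no nameif" is not a match: the line must start with the keyword.
            if not any(c.startswith(setting + " ") for c in cmds):
                findings.append((name, setting))
    return findings

if __name__ == "__main__":
    for name, setting in lint_bridge_members(SAMPLE):
        print(f"{name}: bridge-group member without {setting}")
```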