ASA 5510 Transparent or Routed mode

Alcides Miguel
Level 1

Hi all,

I have introduced a Cisco ASA to my network, so can someone explain to me what the best operation mode is for the security appliance?

The pros and cons.

INTERNAL---->PROXY----->ASA5510------>Router----->INTERNET

Best Regards

Alcides

Accepted Solution

Hi Alcides,

Transparent mode does not support the following features:

  • NAT/PAT

    Starting with ASA/PIX 8.0(2), NAT/PAT is supported in the transparent firewall.
  • Dynamic routing protocols (such as RIP, EIGRP, OSPF)
  • IPv6
  • DHCP relay
  • Quality of Service (QoS)
  • Multicast
  • VPN termination for through traffic

So if you have any of the above requirements, they would not be supported in the transparent firewall.

Moreover, I guess routed mode would be better, but then again, as I said earlier, you are the best judge in this scenario.

Please find the document attached.

Hope this helps.

Thanks,
Varun Rao


5 Replies

varrao
Level 10

Hi Alcides,

No one could be a better judge of it than you yourself. If you need further in-depth info about transparent mode, kindly go through the doc:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

Also, go through the unsupported features of transparent mode carefully; this might be important for your requirement.

Hope this helps.

Thanks,

Varun


Hi Varun, thanks for your response. But the link you provided is forbidden for me. In your opinion, what is the best operation mode from a security perspective?

Like a frontend-backend firewall topology.

Best Regards,

Alcides


Hi Varun,

Many thanks, your attention was very helpful. As you can see, I'm new to ASA products. One last question: what about double NAT? Many people ask me about this (doing NAT on the ASA and afterwards on the router). Is there any problem doing that?

Best Regards,

Alcides

Hi Alcides,

If you are using the firewall in routed mode, why would you do double NAT? Just do NAT once on the ASA itself and routing on the router. But if you are using the firewall in transparent mode, then you would need to do NAT on the router only.

Hope this helps.

Thanks,

Varun
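
The single-NAT arrangement described in the last reply, as an added configuration sketch that is not part of the original thread. It assumes pre-8.3 ASA NAT syntax, a Cisco IOS edge router, hypothetical interface names, and constructed addresses (10.0.0.0/24 inside; 192.0.2.0/30 and 198.51.100.0/30 from the documentation ranges standing in for public space). Options A and B are alternatives, not one configuration.

```cisco
! ===== Option A: ASA in routed mode. NAT once on the ASA, router only routes =====
! (Constructed addresses; 192.0.2.2 stands in for a publicly routable address.)
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.252
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
 no shutdown
! PAT inside hosts to the ASA outside interface address (pre-8.3 syntax)
nat (inside) 1 10.0.0.0 255.255.255.0
global (outside) 1 interface
route outside 0.0.0.0 0.0.0.0 192.0.2.1
! Edge router: no "ip nat" statements at all; it only routes 192.0.2.0/30.

! ===== Option B: ASA in transparent mode. NAT on the router only =====
! Note: switching modes with "firewall transparent" clears the running
! configuration, so back it up first. Verify the mode with "show firewall".
firewall transparent
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown
! Management address only; the ASA bridges the 10.0.0.0/24 segment
ip address 10.0.0.2 255.255.255.0
!
! Edge router (Cisco IOS), which is the inside hosts' default gateway:
access-list 1 permit 10.0.0.0 0.0.0.255
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
ip nat inside source list 1 interface FastEthernet0/1 overload
```

With either option there is exactly one translation point, so the address seen in the ASA logs and the address seen upstream can be correlated through a single translation table.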
