07-08-2014 04:13 AM - edited 03-11-2019 09:26 PM
I am trying to configure an ASA 5512 and am encountering a problem on how to set it up. My organisation is assigned a subnet xxx.xxx.32.0/21 by its parent, with the SDP (service delivery point) being xxx.xxx.xxx.32.1. I want to place the firewall before the SDP, but obviously the internal network is all part of the same subnet and I can't configure the inside and outside interfaces on the same subnet.
This is my first experience with Cisco kit so go gentle with me, but I appreciate any assistance anyone can give. I'm not looking to configure any rules just yet, but rather just get the traffic routing via the firewall to start with.
Thanks,
Rob
07-08-2014 04:31 AM
Hi,
Sounds to me that your only option would be to configure the ASA in Transparent Mode which would mean that it would act like a switch between your external and internal network.
I have personally not really deployed Transparent firewalls as there has not been any real need for it in the scenarios I have handled.
Below is the link to the latest Configuration Guide document for the ASA (CLI version) related to the Firewall mode (Routed or Transparent)
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/intro-fw.html
Here is a link to the other sections of the Configurations Guide
http://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/products-installation-and-configuration-guides-list.html
If you were to go ahead using the ASA in Transparent Mode I would suggest you search online for basic instructions on how to set it up. You will probably find a simpler guide on some online blog rather than referring to a Cisco document (Configuration Guide). Though I would still suggest referring to the Cisco document for the specific information.
Other than that I guess you could consider splitting the network in question so that you only use a small subnet on the external side and route the rest of the remaining subnets towards the firewall's external interface. Or perhaps this is not an option in this case?
Hope this helps :)
- Jouni
07-08-2014 04:54 AM
Hi Jouni,
Thank you for the quick reply. I'll have a read up and mark your answer as correct if it all works out! Shame there is no helpful button.
Regards,
Rob
07-11-2014 03:47 AM
07-11-2014 03:54 AM
Hi,
To my understanding the Transparent firewall pretty much acts like a switch between the hosts and their gateway. So basically the hosts, the ASA's BVI/Bridge interface and the network's/subnet's gateway are all in the same network.
If you check the picture in this document
http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/intro-fw.html#pgfId-1501273
You should see a network setup where the firewall is placed between the users and their gateway. In the picture's case the network 10.1.1.0/xx could correspond to your network I guess.
- Jouni
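A minimal transparent-mode configuration for the layout discussed in this thread, added here as an illustration; it is not part of the original posts and is not taken from the Cisco guide. The 10.1.0.0/21 addressing, the interface assignments and the bridge-group number are constructed placeholders standing in for the real /21 and its gateway (the SDP).

```cisco
! Constructed example: all addresses and interface choices are placeholders.
! Assumes the gateway (SDP) is 10.1.0.1 and 10.1.0.2 is a free address
! in the same /21 that can be given to the firewall.
!
! Switching firewall mode clears the running configuration, so do this
! first, from the console, before entering anything else.
firewall transparent
!
! Outside leg: faces the gateway (SDP).
interface GigabitEthernet0/0
 nameif outside
 bridge-group 1
 security-level 0
 no shutdown
!
! Inside leg: faces the internal switches and hosts.
interface GigabitEthernet0/1
 nameif inside
 bridge-group 1
 security-level 100
 no shutdown
!
! The bridge group needs an address in the bridged subnet. Hosts keep
! using the real gateway; this address is only for the ASA itself.
interface BVI1
 ip address 10.1.0.2 255.255.248.0
!
! Default route used only for traffic the ASA originates (management,
! syslog, and so on), not for the bridged host traffic.
route outside 0.0.0.0 0.0.0.0 10.1.0.1 1
```

With no access rules configured, the security levels above let inside hosts initiate connections out while unsolicited inbound connections are dropped; `show firewall` confirms the mode after the change.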