01-06-2014 12:10 AM - edited 03-11-2019 08:25 PM
Hi,
We have four IP pools, 192.168.1.0/24 to 192.168.4.0/24, 1024 IPs in total.
We have two ISPs for broadcasting our ASN.
We have configured 2 Cisco 2821 routers and 2 Cisco 3550 L3 switches in a high-availability setup [HSRP and BGP]; from the L3 switches we have connected
L2 switches. From the L2 switches the servers are connected.
We planned to commission a firewall [between the L3 and L2 switches]; after much thought we acquired an ASA 5512-X.
From the start we have been facing the problem of configuring it: since our setup has 4 IP pools, we needed to configure secondary IPs on the ASA, but
the ASA 5512-X does not support secondary IPs, so we raised a ticket with Cisco TAC stating the same; they said secondary IPs cannot be configured.
So we tried to keep the firewall in transparent mode. But that created a new issue: the management IP of the ASA was set to the 192.168.4.x series and only the servers
which were on the same subnet were reachable; the servers on different subnets were not reachable.
Since the firewall is in transparent mode, it should have the properties of an L2 switch.
But as per Cisco TAC, they told us that it will not work; for it to work an L3 switch or a router has to be put between the ASA and L2.
Kindly provide your valuable input.
Note:
The servers are virtualization servers which do not support VLAN tagging.
01-06-2014 07:23 AM
I believe this might help you:
Use transparent mode.
Create VLANs for each of your prefixes.
Create subinterfaces on the ASA for the VLANs.
Create four bridge groups.
Assign the subinterfaces to the bridge groups.
Rgds, MiKa
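The steps above as an added ASA transparent-mode configuration example (not MiKa's or the poster's own config). Assumed: GigabitEthernet0/0 faces the 3550 L3 switches, GigabitEthernet0/1 faces the L2 server switches, VLANs 10 to 40 carry 192.168.1.0/24 to 192.168.4.0/24, and the .250 address in each subnet is free for the bridge group's BVI; the interface names and VLAN numbers are constructed.

```cisco
: Added example, not the poster's running config. Assumed: Gi0/0 faces the
: 3550 L3 switches, Gi0/1 faces the L2 server switches, VLANs 10-40 carry
: 192.168.1.0/24-192.168.4.0/24, and x.x.x.250 is free in each subnet.
firewall transparent
!
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/1
 no shutdown
!
: Bridge group 1 = VLAN 10 = 192.168.1.0/24 (one outside and one inside leg)
interface GigabitEthernet0/0.10
 vlan 10
 nameif outside-1
 bridge-group 1
 security-level 0
!
interface GigabitEthernet0/1.10
 vlan 10
 nameif inside-1
 bridge-group 1
 security-level 100
!
: The BVI address is the ASA's management address within this subnet only
interface BVI1
 ip address 192.168.1.250 255.255.255.0
!
: Bridge group 2 = VLAN 20 = 192.168.2.0/24
interface GigabitEthernet0/0.20
 vlan 20
 nameif outside-2
 bridge-group 2
 security-level 0
!
interface GigabitEthernet0/1.20
 vlan 20
 nameif inside-2
 bridge-group 2
 security-level 100
!
interface BVI2
 ip address 192.168.2.250 255.255.255.0
!
: Bridge groups 3 and 4 (VLANs 30 and 40, 192.168.3.0/24 and 192.168.4.0/24)
: repeat the same pattern with BVI3 and BVI4, giving the ASA a reachable
: management address in every subnet instead of only in 192.168.4.x.
```

The server-facing ports on the L2 switches stay untagged access ports in the matching VLAN, so the servers never need VLAN tagging themselves. The ASA only bridges frames within each bridge group and does not route between them, so traffic between the four subnets still goes to the HSRP gateway on the 3550s and crosses the ASA in both bridge groups.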