Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1009
Views
0
Helpful
4
Replies

ASA 5515-X Transparent Mode

chanccmtech
Level 1
Level 1

‎02-15-2016 07:05 AM - edited ‎03-12-2019 12:18 AM

Good Day all, 

Currently I am performing a POV for ASA5515-X with FirePOWER Services using transparent mode. However I ran into some issues, such as traffic becomes dropped the moment it entered the ASA. My customer's network is a simple network with having the ASA to be placed in between their firewall and core-switch. The ASA has been configured to be in transparent (with the configuration as attached). 

From my understanding this should be a straight forward POV, as the deployment are done in L2 mode and no routing/switching needed to be configured on the firewall. However this doesn't seemed to be working. Traffic coming into the firewall, worked for 10 seconds, and subsequent traffic are dropped completely.

Do please go through the current configuration (as of attached) and let me know if there is something that I might be doing wrong, or if there are any suggestion, would be greatly appreciated!!

ASA Firmware: 9.3(2)

ASDM Firmware: asdm-752-153.bin

G/W IP: 168.172.8.10

DNS 1 & 2: 168.172.8.180, 168.172.8.252

Labels:
Preview file
4 KB
Preview file
4 KB
Preview file
46 KB
0 Helpful
4 Replies 4

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-15-2016 10:52 AM

Try giving the BVI interface an IP address in the same subnet.  It sounds like it should have a 168.172.x.x address.

You can also search this guide for "ip address" and read about the management IP address requirements.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/interface_complete_transparent.html

interface BVI1
 ip address 10.1.1.82 255.255.0.0
0 Helpful

chanccmtech
Level 1
Level 1
In response to Philip D'Ath

‎02-15-2016 05:36 PM

Ok. I will try giving it an IP in the same segment, but I don't think that solves my connectivity issues. Because I had tried giving the BVI same IP address in the same segment: ie. 168.172.8.22.

The customer's environment is using VLAN segmentation in their network, do I need to create sub-interfaces to cater the VLANs?

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to chanccmtech

‎02-15-2016 05:48 PM

If you are going to trunk the VLANs through the ASA - yes.  If you are presenting them as access ports - no.

0 Helpful

chanccmtech
Level 1
Level 1
In response to Philip D'Ath

‎02-15-2016 05:54 PM

I see. In the current deployment method of transparent, this should be seen as straight forward, no VLAN trunking is necessary am I correct?

In the ASA, is there a command even for changing switchport to access or trunk even?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card