Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1165
Views
0
Helpful
1
Replies

ASA/Firepower in transparent mode and MPLS

anazarenko
Level 1
Level 1

‎08-12-2016 02:38 AM - edited ‎03-12-2019 01:07 AM

Dear All,

In case i want to inspect MPLS-labelled IP traffic, the same way i do inspection for IP traffic. The reason is - to use MPLS VPN between WAN Edge router and my core MPLS router and at the same time to introduce Firewalling function for external sites. Otherwise i need to provision VRF-light for each single customer. Is there a way to achieve this with ASA or Firepower?

4 people had this problem
Labels:
0 Helpful
1 Reply 1

deshaon.t
Level 1
Level 1

‎12-14-2017 09:13 PM

I'm curious if anyone has ever done this design.  A really good use case is what Cisco is calling the Shared Protected Service Edge design. I want to use L3VPN for a PE-PE connection through the Firewall.  There are several advantages over VRF-lite and I want know if the configuration is valid.  This design should be possible running the Firewall in Transparent Mode.  See first link below.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_ethertype.html#wp1078181

My question would be first is this design possible? And technically, what would be the configuration.  Would you use LDP or BGP send label for the label distribution between the PE-PE connection through the Firewall?

The Shared Protected Service Edge Link Below

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Network_Virtualization/ServEdge.html

TIA

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card