ASA Transparent config question

Justin Westover · ‎09-21-2011

So I have a 5585-s10 and I would like to use it in transparent mode but I have several questions.

1. If in transparent mode, can I use more than two interfaces without using multiple contexts?

2. If I used multiple contexts could servers in context one be allowed to communicate with servers in context 2 an d vice versa?

3. If in transparent mode, would the firewall have to be line or could it hang off of a port on our nexus switch?

So I would like to be able to hang the Asa is transparent mode off of a port on our nexus instead of placing the Asa inline between our top of rack switches and our nexus. So I'm not sure if it is possible to trunk a port on the nexus and connect the Asa to that? I'm just unsure how this would all work obviously haha.

Sent from Cisco Technical Support iPhone App

Jon Marshall · ‎09-22-2011

Justin

1) Yes you can, you can use what are called bridge groups. Each bridge group can use up to 4 interfaces.

2) Yes but you cannot share interfaces between contexts so you would need to route them via a L3 device

3) As far as i know not you can't do this. The firewall in transparent mode needs an outside and inside interface as it is simply an inline device through which traffic passes.

Jon

Justin Westover · ‎09-22-2011

So I would need an interface on the Asa inline with all of the uplinks from our access layer switches going to our nexus layer 3 switch?

Sent from Cisco Technical Support iPhone App

alanc3141592654 · ‎02-17-2012

Did you get a solution for this?