I'd like to know how I can allow any traffic to pass through an ASA in transparent mode. My idea was to use the same security level on the inside and outside interfaces. What do you think about it? What problems can I face?
ASA5585-SSP-60, Cisco Adaptive Security Appliance Software Version 9.1(5)21.
Is this in a production scenario? Is your plan to apply policies on the traffic eventually?
You can achieve this by adding access rules to the traffic while still maintaining the security levels where you want them for INSIDE and OUTSIDE traffic.
You could do it with the same security levels, but you might run into some issues with traffic being inspected or not inspected through the firewall. So certain traffic may not be allowed dynamically. You have to configure "allow same security traffic through the firewall". This adds complexity to your config which may be difficult to undo when you decide to control traffic through your firewall.
I don't actually need ASA services in general, but I need only a possibility of ASA to filter http-headers and url filtration. But anyway,
Is it OK?
access-list ALLOW-ANY ethertype permit any
access-list ALLOW-ANY-IP extended permit ip any any
access-group ALLOW-ANY out interface inside
access-group ALLOW-ANY-IP out interface inside
access-group ALLOW-ANY in interface outside
access-group ALLOW-ANY-IP in interface outside
I need a piece of advice.
Thank you in advance.
That should work. You don't need the entries in the direction out on both interfaces. Is there any ethertype traffic you want to allow? Like cdp or other layer 2 protocols. If not then you don't need the ethertype acl.
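A small offline check for the configuration posted in the question, added here as an example and not part of the original thread: it lists every permit-any rule with the interface and direction it is bound to, and marks the out-direction bindings that the last reply calls unnecessary. The function names and finding wording are assumptions of this example, and it parses only the two command forms shown in the thread.

```python
import re

# Configuration lines exactly as posted in the question above.
POSTED_CONFIG = """\
access-list ALLOW-ANY ethertype permit any
access-list ALLOW-ANY-IP extended permit ip any any
access-group ALLOW-ANY out interface inside
access-group ALLOW-ANY-IP out interface inside
access-group ALLOW-ANY in interface outside
access-group ALLOW-ANY-IP in interface outside
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(ethertype|extended)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")
UNRESTRICTED = {"permit any", "permit ip any any"}


def parse(config):
    """Return ({acl_name: [(kind, rule)]}, [(acl_name, direction, interface)])."""
    acls, bindings = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif m := GROUP_RE.match(line):
            bindings.append(m.groups())
    return acls, bindings


def audit(config):
    """List findings a reviewer would want to see before this goes live."""
    acls, bindings = parse(config)
    findings = []
    for name, direction, iface in bindings:
        if name not in acls:
            findings.append(f"{name}: bound {direction} on {iface} but never defined")
            continue
        for kind, rule in acls[name]:
            if rule in UNRESTRICTED:
                findings.append(
                    f"{name}: unrestricted {kind} rule '{rule}' applied {direction} on {iface}")
        if direction == "out":
            # Per the last reply in the thread: out-direction entries are not needed.
            findings.append(f"{name}: out binding on {iface} can be dropped per the reply")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(POSTED_CONFIG)))
```

Run against the posted lines, every binding is reported as unrestricted, which is the point to revisit once HTTP header and URL filtering policies are added.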