12-03-2015 04:22 AM - edited 03-11-2019 11:59 PM
Hello, everyone!
I'd like to know how I can allow any traffic to pass through an ASA in transparent mode. My idea was to use the same security level on the inside and outside interfaces. What do you think about it? What problems can I face?
Thank you!
P.S.
ASA5585-SSP-60, Cisco Adaptive Security Appliance Software Version 9.1(5)21.
12-03-2015 04:54 AM
Is this in a production scenario? Is your plan to apply policies on the traffic eventually?
You can achieve this by adding access rules to the traffic while still maintaining the security levels where you want them for INSIDE and OUTSIDE traffic.
You could do it with the same security levels, but you might run into some issues with traffic being inspected or not inspected through the firewall. So certain traffic may not be allowed dynamically. You have to configure "allow same security traffic" through the firewall. This adds complexity to your config, which may be difficult to undo when you decide to control traffic through your firewall.
12-03-2015 05:35 AM
I don't actually need ASA services in general; I only need the ASA's ability to filter HTTP headers and do URL filtering. But anyway,
Is it OK?
interface GigabitEthernet0/0
 nameif inside
 bridge-group 1
 security-level 100
!
interface GigabitEthernet0/1
 nameif outside
 bridge-group 1
 security-level 0
!
access-list ALLOW-ANY ethertype permit any
access-list ALLOW-ANY-IP extended permit ip any any
!
access-group ALLOW-ANY out interface inside
access-group ALLOW-ANY-IP out interface inside
!
access-group ALLOW-ANY in interface outside
access-group ALLOW-ANY-IP in interface outside
!
I need a piece of advice.
Thank you in advance.
12-03-2015 06:19 AM
That should work. You don't need the entries in the direction out on both interfaces. Is there any ethertype traffic you want to allow, like CDP or other layer 2 protocols? If not, then you don't need the ethertype ACL.
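
Added example, not part of the original thread: a small Python check that reads an ASA configuration like the one posted above and lists every access-group that binds a permit-any ACL, then narrows to those applied inbound on the lowest security-level interface. The function names are this example's own, and as an assumption an ACL counts as open if any one of its entries is a bare permit-any.

```python
import re

# Constructed sample: the configuration posted in the thread above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 bridge-group 1
 security-level 100
interface GigabitEthernet0/1
 nameif outside
 bridge-group 1
 security-level 0
access-list ALLOW-ANY ethertype permit any
access-list ALLOW-ANY-IP extended permit ip any any
access-group ALLOW-ANY out interface inside
access-group ALLOW-ANY-IP out interface inside
access-group ALLOW-ANY in interface outside
access-group ALLOW-ANY-IP in interface outside
"""

ACL_RE = re.compile(r"^access-list (\S+) (ethertype|extended) (.+)$")
GROUP_RE = re.compile(r"^access-group (\S+) (in|out) interface (\S+)$")
OPEN_RULES = {("ethertype", "permit any"), ("extended", "permit ip any any")}

def audit(config):
    """Return (interface, security-level, direction, acl) for each permit-any binding."""
    levels, open_acls, bindings, nameif = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block; its nameif follows
        elif line.startswith("nameif "):
            nameif = line.split()[1]
        elif line.startswith("security-level ") and nameif:
            levels[nameif] = int(line.split()[1])
        elif (m := ACL_RE.match(line)) and (m.group(2), m.group(3).strip()) in OPEN_RULES:
            open_acls.add(m.group(1))  # assumption: one open entry marks the ACL open
        elif m := GROUP_RE.match(line):
            bindings.append((m.group(3), m.group(2), m.group(1)))
    return [(i, levels.get(i), d, a) for i, d, a in bindings if a in open_acls]

def inbound_on_lowest(findings):
    """Keep findings that admit traffic arriving on the lowest security-level interface."""
    lowest = min((lvl for _, lvl, _, _ in findings if lvl is not None), default=None)
    return [f for f in findings if lowest is not None and f[1] == lowest and f[2] == "in"]

if __name__ == "__main__":
    for ifc, lvl, _, acl in inbound_on_lowest(audit(SAMPLE_CONFIG)):
        print("permit-any inbound on %s (security-level %s): %s" % (ifc, lvl, acl))
```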