Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1463
Views
10
Helpful
4
Replies

ASA Transparent Mode Configuration

mhcnetadmin
Level 1
Level 1

‎04-25-2011 03:41 AM - edited ‎03-11-2019 01:25 PM

Hi all,

I am new to ASA, and I need some help in configuring ASA in transparent mode :

this is what I've done so far:

conifgured tow interfaces as inside and outside, configured global IP address from the same subnet , configured default route

I read that by default traffic from higher security level interface to lower security level interface is allowed by default, so I did't cofigure access list for this traffic, but I can't ping anything from the inside lan to the outside. so do I need to configure access list for the icmp and other traffic? what other things should I bay attention too in Transparent mode other that it doesn't support dynamic routing?

Thanks.

Labels:
0 Helpful
4 Replies 4

sean_evershed
Level 7
Level 7

‎04-25-2011 04:35 AM

Hi,

To allow ping through your firewall you will need to configure ICMP inspection or an access-list. See below:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml

See below a configuration guide for transparent firewalls. It doesn't support QoS either for example.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

Please remember to rate all posts that are helpful.

mhcnetadmin
Level 1
Level 1
In response to sean_evershed

‎04-25-2011 05:39 AM

Ahhhhhhhhhhhh,  thanks alot, but other traffic is permitted in Transparent mode without access list right??

0 Helpful

sean_evershed
Level 7
Level 7
In response to mhcnetadmin

‎04-25-2011 06:20 AM

The answer is that it depends on the type of traffic.You will need an ACL or enable application inspection for applications that embed IP addressing  information in the user data packet or open secondary channels on  dynamically assigned ports.

See below a configuration example for TFTP and FTP.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807ee585.shtml

See also a configuration guide for application inspection for version 8.2

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/inspect_overview.html

Thanks for the rating.

mhcnetadmin
Level 1
Level 1
In response to sean_evershed

‎04-25-2011 06:33 AM

Thanks

I will try it tomorrow.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card