ASA Transparent mode connected To ASA Transparent mode

HenriDeNecker · ‎05-14-2024

Hi

I have 2 x Firepower 2110 ASA Transparent mode Firewalls connected to each other. The Firewall are used to create 3 levels of Security Zones for Servers. Layer 3 will collect updates from the internet. Layer 3 will then copy the updates to Server in Layer 2. Layer 2 Server then needs to distribute the updates to Servers in Layer 1.

So Layer 1 in South of Firewall-01 and Layer-02 is North of Firewall-01 and South of Firewall-02. Layer 3 is north of Firewall-02. All of these layers are on the same IP range and also in thje same bridge groups.

The servers in Layer 1 can ping FW-01 but not FW-02. FW-01 and FW-02 can ping each other BVI IP's.

What config is required to alow ICMP echo's and reply's to be received and forwarded by the two Firewall? Or do i need to allow or set something setiings for this to happen? FW-01 does even create Log entries whne trying to each FW-02 for Layer 1.

MHM Cisco World · ‎05-15-2024

Hard task

Can you draw topolgy to make me better understand the issue.

Also one Q are server and BVI in both FW in same subnet?

Are you config any ACL to interface?

MHM

HenriDeNecker · ‎05-15-2024

Hi

Here is the topology

[cid:image001.png@01DAA6D0.1F8291B0]

MHM Cisco World · ‎05-15-2024

No attachment friend

MHM

HenriDeNecker · ‎05-15-2024