08-02-2008 11:23 AM - edited 03-11-2019 06:24 AM
1. Does the ASA support VPN in transparent mode?
2. What is the benefit of using transparent mode over routed mode?
08-02-2008 12:00 PM
1. The transparent firewall supports site-to-site VPN tunnels for management connections to the FW only. It does not terminate VPN connections for traffic through the security appliance. Check this link for all unsupported features in transparent mode:
2. Benefits of Transparent mode:
Suppose you have a NW setup like this wherein you want to filter traffic using a FW, but without changing any routing either on the LAN side or the router.
Then you just put in a FW in transparent mode to intercept/control the traffic.
Again, there may be a case wherein there are servers and user systems in the same IP subnet.
Now you want to have access control without changing anything on the servers or the users' systems.
Then you put in a transparent FW and segregate the LAN.
Benefits of Routed mode:
- Supports features like NAT, VPN tunnel establishment, dynamic routing, etc.
08-02-2008 12:00 PM
Hello Asim
1) In transparent mode, VPNs are only supported for management purposes (as in terminated on the firewall itself).
2) With transparent mode:
> You can add the firewall without re-addressing your network (which can be a pain sometimes).
> In multiple mode, the ASA does not support dynamic routing; with transparent mode you can work around this and let the routing protocol traffic 'through' the ASA/PIX/FWSM.
> You can do some MAC/ARP spoofing controls which are not available in routed mode.
These are some of the benefits, rate if helpful.
Regards
Farrukh
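An added configuration sketch, not taken from either reply, showing the points made above on one transparent-mode ASA: no re-addressing of the bridged subnet, OSPF passed through by access list, and ARP/MAC spoofing controls. It assumes the pre-8.4 syntax current when this thread was written (a single global management IP, no bridge groups); all names, addresses and MAC values are constructed placeholders.

```cisco
! Constructed example: addresses, MACs and ACL names are placeholders.
firewall transparent
!
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown
!
! Management IP only: it sits inside the existing subnet, so hosts and
! routers on either side keep their addresses and default gateways.
ip address 192.0.2.5 255.255.255.0
!
! Let the routers on either side form an OSPF adjacency through the firewall.
! Multicast hellos are not passed by default, so permit them in both directions.
access-list OUTSIDE_IN extended permit ospf host 192.0.2.1 any
access-list INSIDE_IN extended permit ospf host 192.0.2.2 any
! Keep ordinary inside-to-outside IP traffic working once an ACL is applied.
access-list INSIDE_IN extended permit ip 192.0.2.0 255.255.255.0 any
access-group OUTSIDE_IN in interface outside
access-group INSIDE_IN in interface inside
!
! ARP inspection: ARP packets are checked against static entries.
! A mismatch is dropped; no-flood also drops ARP for unknown addresses.
arp outside 192.0.2.1 0000.5e00.5301
arp inside 192.0.2.2 0000.5e00.5302
arp-inspection outside enable no-flood
arp-inspection inside enable no-flood
!
! MAC spoofing control: pin the known MACs to their interfaces and stop
! the firewall from learning new ones dynamically.
mac-address-table static outside 0000.5e00.5301
mac-address-table static inside 0000.5e00.5302
mac-learn outside disable
mac-learn inside disable
```

With `no-flood` and `mac-learn ... disable`, every host that must talk through the firewall needs its own static `arp` and `mac-address-table` entry, so the inside ACL above only helps hosts that have been added this way.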