432 Views | 0 Helpful | 4 Replies

asa transparent multiple subnets

cisco8887 (Explorer)

Hi All,

If you want to configure a firewall as transparent, you need to have an IP per subnet between the networks it is serving, correct? If so, why is this needed? ARP requests from the ASA?

If you have multiple subnets through the ASA, do you do trunking as follows?

Inside hosts have the following subnets: 10.0.0.0/24 and 10.0.1.0/24

The router has the following IPs: 10.0.0.1 and 10.0.1.1

Would the firewall config be something like:

interface gig 0
 no shut

interface gig0.10
 vlan 10
 nameif inside1
 bridge-group 10
 no shut

interface gig0.20
 vlan 20
 nameif inside2
 bridge-group 20
 no shut

interface gig 1
 no shut

interface gig1.10
 vlan 10
 nameif outside1
 bridge-group 10
 no shut

interface gig1.20
 vlan 20
 nameif outside2
 bridge-group 20
 no shut

int bvi 10
 ip address 10.0.0.2 255.255.255.0

int bvi 20
 ip address 10.0.1.2 255.255.255.0

and then trunking on the switch side (hosts) and router-on-a-stick on the router side?

Many thanks

4 Replies

cisco8887 (Explorer)

Found my answer, and here it is for anyone wanting to do it in future.

interface gig 0
 no shut

interface gig0.10
 vlan 10
 nameif inside1
 bridge-group 10
 no shut

interface gig0.20
 vlan 20
 nameif inside2
 bridge-group 20
 no shut

interface gig 1
 no shut

interface gig1.10
 vlan 11
 nameif outside1
 bridge-group 10
 no shut

interface gig1.20
 vlan 21
 nameif outside2
 bridge-group 20
 no shut

int bvi 10
 ip address 10.0.0.2 255.255.255.0

int bvi 20
 ip address 10.0.1.2 255.255.255.0

You need to set up one side of the trunk to use 10 and 20 and the other side to use 11 and 21.

10 is bridged to 20

11 is bridged to 21

Hope this helps anyone with the same problem.

Can you post your working config? I have been trying to set this up but have had no luck with it. Trying to pass 3 VLANs through. I'm showing link lights but no traffic passing or even hitting the ASA.

3750 - ASA5510 - 3650
   dot1q        dot1q trunk

Hi There,

I did it in a lab environment, so I don't have the configuration.

Your setup will need to have one side receiving one VLAN and the other leaving in another VLAN, as per my earlier post.

For instance, to pass traffic between two VLANs on the same subnet using transparent mode, here is what you do:

Set up 0.10 and the switch side of it as passing VLAN 10.

Set up 1.10 and the switch side of it as passing VLAN 11.

Bridge 0.10 and 1.10 together using bridge group x, for instance 10.

That should pass all traffic through.

Make sure you have nameif on each interface, such as 0.10 and 1.10.
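As an added example that is not part of this thread, here is a small Python audit of an ASA transparent-mode configuration that checks the three things the replies above keep coming back to: every bridge-group member carries a nameif, every bridge group has at least two members to bridge, and every bridge group's BVI has a management address. The interface names and the configuration text are constructed for the example, not taken from anyone's running config.

```python
# Constructed sample in the thread's working layout (vlan 10<->11, 20<->21) with
# two deliberate defects: outside2 has no nameif and BVI20 is missing entirely.
SAMPLE_CONFIG = """
interface GigabitEthernet0/0.10
 vlan 10
 nameif inside1
 bridge-group 10
interface GigabitEthernet0/1.10
 vlan 11
 nameif outside1
 bridge-group 10
interface GigabitEthernet0/0.20
 vlan 20
 nameif inside2
 bridge-group 20
interface GigabitEthernet0/1.20
 vlan 21
 bridge-group 20
interface BVI10
 ip address 10.0.0.2 255.255.255.0
"""

def parse_interfaces(text):
    """Map each interface name to {command: argument} from its indented lines."""
    ifaces, cur = {}, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {})
        elif cur is not None:
            cmd, _, arg = line.partition(" ")
            cur[cmd] = arg  # e.g. "ip" -> "address 10.0.0.2 255.255.255.0"
    return ifaces

def audit_bridge_groups(text):
    """Flag a member without nameif, a lone-member bridge group, and a BVI with no address."""
    ifaces = parse_interfaces(text)
    issues, members = [], {}
    for name, cfg in ifaces.items():
        bg = cfg.get("bridge-group")
        if bg is None or name.upper().startswith("BVI"):
            continue
        members.setdefault(bg, []).append(name)
        if "nameif" not in cfg:
            issues.append(f"{name}: in bridge-group {bg} but has no nameif")
    for bg, names in sorted(members.items()):
        if len(names) < 2:
            issues.append(f"bridge-group {bg}: only one member, nothing to bridge")
        if "ip" not in ifaces.get(f"BVI{bg}", {}):
            issues.append(f"bridge-group {bg}: BVI{bg} has no ip address")
    return issues
```

Run `audit_bridge_groups` over the output of `show running-config interface` pasted into a string; an empty list means the bridge groups are at least structurally complete.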
