06-25-2008 01:43 PM - edited 03-11-2019 06:05 AM
Hi,
As a beginner in ASA, I'm trying to configure a 5505 to allow 3 hosts to access 4 servers in different routed networks. The 3 hosts are on the same VLAN so I would think transparent firewall would work for this. The example below is from Config notes and I can't seem to define nameif as outside/inside on the two E0/0 or E0/1 interfaces.
The Error is: only vlan interface can be defined nameif.
Using 7.2 code and using base ASA 5505.
I must be missing something real simple ;-))). Any example of a transparent mode config would be great!
ciscoasa#show running-config
: Saved
:
ASA Version 8.0(2)
!
!--- In order to set the firewall mode to transparent mode
firewall transparent
hostname ciscoasa
enable password xxx
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
!
interface Ethernet0/1
 nameif inside
 security-level 100
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 management-only
!
passwd xxx
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
!--- IP Address for the Management.
!--- Avoid using this IP Address as a default gateway.
!--- The security appliance uses this address as the source address
!--- for traffic originating on the security appliance, such as system
!--- messages or communications with AAA servers. You can also use this
!--- address for remote management access.
ip address 192.168.1.1 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
!--- Output Suppressed
service-policy global_policy global
prompt hostname context
Cryptochecksum:xxx
: end
ciscoasa(config)#
06-26-2008 01:42 AM
Hi, try this ..
interface Vlan10
 nameif inside
 security-level 100
interface Vlan20
 nameif outside
 security-level 0
interface Ethernet0/0
 switchport access vlan 20
 no shut
interface Ethernet0/1
 switchport access vlan 10
 no shut
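Added example, not part of the original thread: a transparent-mode configuration for the 5505 that combines the VLAN fix from the reply above with `firewall transparent` and the management address from the question, plus an inside ACL for the 3-hosts-to-4-servers case. It assumes pre-8.4 syntax (as on the 7.2/8.0 code in the thread); the host and server addresses and the object-group and ACL names are constructed.

```cisco
! Added example; addresses, object-group names and ACL name are constructed.
! Changing the firewall mode clears the running configuration, so set it first.
firewall transparent
!
! On the 5505, nameif goes on the VLAN interface, not the physical port.
interface Vlan10
 nameif inside
 security-level 100
!
interface Vlan20
 nameif outside
 security-level 0
!
interface Ethernet0/0
 switchport access vlan 20
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 10
 no shutdown
!
! Single management address, set in global configuration mode (pre-8.4).
ip address 192.168.1.1 255.255.255.0
!
object-group network ALLOWED-HOSTS
 network-object host 192.168.1.11
 network-object host 192.168.1.12
 network-object host 192.168.1.13
!
object-group network SERVERS
 network-object host 198.51.100.10
 network-object host 198.51.100.20
 network-object host 203.0.113.10
 network-object host 203.0.113.20
!
! Only the three hosts may reach the four servers; the ACL's implicit deny
! drops everything else entering the inside interface.
access-list inside_in extended permit ip object-group ALLOWED-HOSTS object-group SERVERS
access-group inside_in in interface inside
```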
06-26-2008 11:05 AM
Thanks
Yep, it was simple.
Now if my extended access list will just work.
02-28-2014 06:57 AM
Hi,
I do have an extra question.
The 5505 does not accept nameif for the Ethernet port and we have to use a VLAN for nameif. There will be at least two VLANs, one each for the inside and outside interfaces. I have to configure two subnets, one for each VLAN. Then, is this really transparent? With the 5510 and higher it is possible to use a single network for both interfaces, but not with the 5505. Any suggestions?