Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
702
Views
5
Helpful
4
Replies

Can a Transparent mode firewall use /30 and still work.

Go to solution
smooth1966dha
Level 1
Level 1

‎10-10-2012 11:06 AM - edited ‎03-11-2019 05:07 PM

Here is my question, I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router.  I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA.  The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic.  Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA

ISP-------->ASA-------->Router 

Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other.  Will this work?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-10-2012 12:19 PM

Hello Eugene,

As the web user post the ASA needs to be on the same broadcast domain than the other 2 devices you have (isp modem and router) so the managment Ip needs to be there and needs to be different than the one used by the other devices. /30 will not work.

Remember to rate all of the questions the community answers.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
fb_webuser
Level 6
Level 6

‎10-10-2012 11:32 AM

Transparent firewall needs a management ip address in the same subnet as the passing traffic. Also please check the vlans of the switch port (if any) of the outside and inside interfaces. The vlans needs to be different for both interfaces.

---

Posted by WebUser Fawad Khan from Cisco Support Community App

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎10-10-2012 12:19 PM

Hello Eugene,

As the web user post the ASA needs to be on the same broadcast domain than the other 2 devices you have (isp modem and router) so the managment Ip needs to be there and needs to be different than the one used by the other devices. /30 will not work.

Remember to rate all of the questions the community answers.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
fb_webuser
Level 6
Level 6

‎10-10-2012 07:34 PM

ASA should have a BVI interface configured with ip address in same broadcast domain. his BVI interface id should be ae configured as bridge group in both inside and outside interfaces

---

Posted by WebUser Sujith Rs from Cisco Support Community App

0 Helpful

Go to solution
smooth1966dha
Level 1
Level 1

‎10-10-2012 10:03 PM

Thanks for everyone quick replies.  Requested a /29 and that solved the problem.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card