Re: CIsco ASA before main router

polandlp · ‎03-21-2024

Hello I want to setup my cisco asa before my main router. I like to filtrate incoming ports. I like to enable transparent mode and configure as transparent firewall(I know all limitations of it) i set up all things but What IP i must add to bvi bridge when for example my main router get ip (from isp dhcp server): 1.1.1.56/24
Main router is my connection between WAN(ISP)-LAN it is doing nat and other things

Rob Ingram · ‎03-21-2024

@polandlp in transparent mode, the IP address assigned to the BVI would be an IP address in the same subnet as the bridge group member interfaces - in your case 1.1.1.x/24

MHM Cisco World · ‎03-21-2024

Bvi must have IP in Same subnet of 1.1.1.56/24.

MHM

polandlp · ‎03-21-2024

If my router received an IP from an ISP in BVI, would I have to set the same IP as the router would receive?

Rob Ingram · ‎03-21-2024

@polandlp it cannot be the same IP address as the router, it must be a different IP address in the same network.

polandlp · ‎03-21-2024

ok, but when i set diferent address ip it can destroy something in isp network?

MHM Cisco World · ‎03-21-2024

Why?

Image there are two L3 device (router and ISP) connect to one SW' and SW have VLAN SVI IP.

It work there are no problem.

Bvi have different IP than router and all three ISP' router and BVI in same subnet

MHM

Rob Ingram · ‎03-21-2024

@polandlp you cannot arbitrarily assign an IP address to the BVI, the routed network between you and the ISP must have a spare IP address for you to assign otherwise it will conflict. If for example you have a /30, one IP address used by your equipment and the other by the ISP, then there are no free IP addresses for you to use for the BVI IP.

polandlp · ‎03-21-2024

can you explain what is that ip used for?