Cisco ASA Transparent mode

mikiNet · ‎02-03-2021

Hello Guys,

Maybe it will be banal question, but I don't understand one of concept when implementing ASA in transparent mode.

Basicly, I don't understand WHY we need to use TWO different vlans ? I can't find any good explanation, I only find information that I need to do this otherwise it not work... Is it needed to avoid some traffic bypasses firewall ? What happen if I set the same VLAN ?

Please explain me because I can't understand that topic...

balaji.bandi · ‎02-03-2021

as per my understand and my notes :

The ASA uses bridge groups for transparent firewall configurations. Bridge groups require distinct interfaces, which include the VLAN tag.

Each interface is a broadcast domain.

ASA performs secure transparent bridging between two broadcast domains.

If you don't want multiple firewall contexts to share the same physical interface on the ASA, you can simply put two physical interfaces (using their untagged native vlan) in the same bridge group.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎02-03-2021

...

brettp · ‎08-16-2023

I too have had the same question and spent quite a bit of time trying to understand why it's necessary. I would assume it has something to do with blocking the forwarding of broadcasts beyond the firewall (but wouldn't you want that half the time? Like for DHCP?) I don't understand why it's noted everywhere that the interfaces "must" be in different VLANs as I have seen numerous cases where the "inside" and "outside" interfaces are in the same VLAN and everything works fine.