Cisco ASA transparent vs Routed mode

sgjr82841 · ‎03-03-2011

Hello Guys,

Is there any advantage using ASA transparent multi context mode vs using routed multicointext mode. Except avoiding the ip addressing re design and ease of inserting the firewall inside the existing network I do notice that there are few limitations with Transparent (like PAT, VPN etc)..

Re addressing is not a concern for customer.FYI,.Firewalls are at the internet edge..

History is that transparent firewall design was suggested by another engineer who has left and I have no clue why was it recommended. I do not think any reason why it should be transparent firewall until there is performace advantages of using transparent.

Can you please comment on the performance when compared with routed mode ?

Or is there any other advatage of using transaprent firewall over routed mode?

Thanks,,

PAUL GILBERT ARIAS · ‎03-03-2011

If there are no special needs of keeping the current ip scheme then you should be looking at routed mode. Transparent is just easier to implement since it requires less changes.

Sent from Cisco Technical Support iPhone App

sean_evershed · ‎03-03-2011

See the link below

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

As it states a major advantage of a transparent firewall is that it can allow through traffic that a layer 3 firewall can't, eg HSRP, multicast traffic, non IP traffic etc.

I doubt if there would a measurable performance difference between the two modes.

tahequivoice · ‎03-04-2011

Just keep in mind transparent mode doesnt support any VPN, only routed mode does, so you may want to find out if there will be any future implementations of VPN.