11-11-2019 04:30 AM - edited 11-11-2019 04:52 AM
Hi, friends, I am using an ASA5525, version 9.8(1), to work with a Hirschmann switch. The Hirschmann switch has PRP (Parallel Redundancy Protocol) enabled. The ASA was placed in the middle to control one link. I have two links, one FO and one LAN cable. The ASA has been set to transparent mode.
When I bypass the firewall, PRP works normally; the two links for the Hirschmann switch both come up and switch over normally. But once I connect the ASA in the middle, it shows a network loop and the two links cannot work properly. When I remove the FO cable and leave only the LAN cable and the ASA, all the data can pass through. I think some PRP control data has been blocked by the ASA. Does anyone have experience with this or any advice for this PRP issue? Many thanks.
Two ASAs in the middle, simple network structure:
PRP switch -> ASA -> Cisco switch -> Cisco switch -> ASA -> PRP switch.
Below are the settings of one ASA; the other has the same settings.
interface GigabitEthernet0/0
 bridge-group 1
 nameif inside1
 security-level 100
!
interface GigabitEthernet0/0.22
 vlan 22
 bridge-group 2
 nameif inside2
 security-level 100
!
interface GigabitEthernet0/0.24
 vlan 24
 bridge-group 3
 nameif inside3
 security-level 100
!
interface GigabitEthernet0/4
 bridge-group 1
 nameif outside1
 security-level 0
!
interface GigabitEthernet0/4.2
 vlan 2
 bridge-group 2
 nameif outside2
 security-level 0
!
interface GigabitEthernet0/4.4
 vlan 4
 bridge-group 3
 nameif outside3
 security-level 0
!
interface BVI1
 ip address 172.17.4.200 255.255.252.0
!
interface BVI2
 ip address 172.17.80.200 255.255.252.0
!
interface BVI3
 ip address 192.168.1.202 255.255.255.0
access-list outside1_access_in extended permit ip any any
access-list outside2_access_in_1 extended permit ip any any
access-list inside_ether ethertype permit any
access-list inside2_access_in_1 extended permit ip any any
access-list inside1_access_in extended permit ip any any
access-list outside3_access_in_1 extended permit ip any any
access-list inside3_access_in_1 extended permit ip any any
access-list outside_ether ethertype permit any
access-group inside_ether in interface inside1
access-group inside1_access_in in interface inside1
access-group inside_ether in interface inside2
access-group inside2_access_in_1 in interface inside2
access-group inside_ether in interface inside3
access-group inside3_access_in_1 in interface inside3
access-group outside_ether in interface outside1
access-group outside1_access_in in interface outside1
access-group outside_ether in interface outside2
access-group outside2_access_in_1 in interface outside2
access-group outside_ether in interface outside3
access-group outside3_access_in_1 in interface outside3
11-14-2019 10:12 AM
Can anyone give some advice? Thanks.