02-22-2016 07:31 PM - edited 03-12-2019 12:22 AM
Hello,
I recently attempted placing an ASA in my environment in transparent mode to replace a Juniper transparent firewall and ran into some issues. The way my network is designed is I have a router with the default gateway for all the networks behind the firewall, my transparent firewall, and then a switch with 3 vlans on it all on the same /24 network.
When I tried cutting over to the ASA we were unable to test any rules. I tried checking the log viewer in ASDM but didn't see any traffic hitting the firewall. Is this normal behavior for the ASA in transparent mode? Also, not all devices appeared to be in my ARP table, which had me a bit concerned.
Guess I am just trying to figure out what isn't working and why. Since ASDM wasn't showing any traffic in the log viewer I couldn't do much.
I can post example configs if anyone would feel it would be helpful.
Thanks,
02-23-2016 01:12 AM
You just need to turn the logging up if you want to see it in the ASDM. Try:
logging asdm informational
02-23-2016 01:13 AM
You don't actually mention anything that didn't work.
02-23-2016 03:40 AM
Philip,
Thank you for your reply. My apologies, so what we had the testing team do is try and test the ACL logic based on what they previously were able to do with the Juniper firewall in place. I have 4 named interfaces; Outside, InsideA, InsideB, and InsideC. They tried to SSH to a few machines from the Outside to InsideA and weren't able to. From there, they tried other tests but nothing seemed to work.
I jumped on ASDM to check the logging and I set the level to debugging to see everything. When I did, I didn't see any traffic hit the firewall, which had me concerned.
My interfaces are set up as follows:
interface Gig0/0
 nameif Outside
 bridge-group 10
 security-level 80
!
interface Gig0/1
 nameif InsideA
 bridge-group 10
 security-level 80
!
interface Gig0/2
 nameif InsideB
 bridge-group 10
 security-level 80
!
interface Gig0/3
 nameif InsideC
 bridge-group 10
 security-level 80
!
interface BVI10
 ! subnet mask added to match the /24 stated above; the post as written omitted it
 ip address 192.168.1.10 255.255.255.0
From my guess, traffic should flow to my ASA without me needing to add much more. At this point I should see traffic being allowed/denied.
02-23-2016 11:06 AM
Try adding the below as well. It should definitely be showing up.
logging trap informational
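As an added example (not from either poster), the configuration below puts the two logging tips from this thread next to the other settings a transparent-mode ASA needs before any Outside-to-InsideA SSH test can show up as a permit or deny. All four interfaces in the posted config share security-level 80, and an ASA drops traffic between equal-security interfaces unless `same-security-traffic permit inter-interface` is set, so the corrected form gives the interfaces distinct levels and an explicit ACL for the test the team ran. The syslog server 192.168.1.200, the client 192.168.1.50, the target 192.168.1.20 and the management address are constructed placeholders, not values from the thread.

```text
! --- as posted: every interface at the same level, no ACL, logging not turned on ---
! interface Gig0/0
!  nameif Outside
!  bridge-group 10
!  security-level 80
! (InsideA, InsideB, InsideC identical, also security-level 80)
!
! --- corrected (example only) ---
interface Gig0/0
 nameif Outside
 bridge-group 10
 security-level 0
!
interface Gig0/1
 nameif InsideA
 bridge-group 10
 security-level 100
!
interface Gig0/2
 nameif InsideB
 bridge-group 10
 security-level 90
!
interface Gig0/3
 nameif InsideC
 bridge-group 10
 security-level 80
!
interface BVI10
 ip address 192.168.1.10 255.255.255.0
!
! Only needed if you keep equal security levels on more than one interface.
same-security-traffic permit inter-interface
!
! Permit exactly the test case (SSH from Outside to a host on InsideA),
! log it, and deny-log everything else so the ASDM viewer shows the drops.
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.20 eq 22 log
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface Outside
!
! "logging enable" is the master switch; without it the ASDM and trap
! levels suggested above produce nothing.
logging enable
logging timestamp
logging buffered informational
logging asdm informational
logging trap informational
logging host InsideA 192.168.1.200
!
! Verification (run from the CLI after a test SSH):
! show logging                       -> confirms logging is enabled and the per-destination levels
! show access-list OUTSIDE_IN        -> hitcnt on each line tells you whether the flow reached the ACL
! show mac-address-table             -> transparent mode learns MACs per bridge-group; a transit host
!                                       will not appear in "show arp", which only lists the ASA's own neighbors
! packet-tracer input Outside tcp 192.168.1.50 12345 192.168.1.20 22 detailed
!                                    -> walks the flow through the policy and names the drop reason, if any
```

The `show mac-address-table` line addresses the ARP concern in the first post: in transparent mode the ASA is a Layer 2 bridge, so hosts passing through it populate the MAC table rather than the ARP table. If `packet-tracer` reports the packet as allowed but the ASDM viewer still shows nothing, check the `show logging` output for the `Enable logging` state before looking anywhere else.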