03-06-2008 06:40 AM - edited 03-11-2019 05:13 AM
I have a frame connection to a class C network and want to segregate the traffic into four categories to be plugged into fa0 through fa3. I assigned an IP to fa4 and put vlan1 in switchport access mode with no IP, but that does not allow firewalling unless I assign an IP to one more interface.
Is it possible to set an 871 between the edge router and the network without changing any net configs in the class C and still be able to firewall between the edge and the three interfaces?
03-12-2008 01:08 PM
Yes, you can configure an 871 as a transparent firewall. You will need to:
- Configure a Bridge Group (required)
- Configure Inspection and ACLs (required)
- Forward DHCP Traffic (optional)
- Monitor Transparent Firewall Events (optional)
The following link may help you:
http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/h_trans.html
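A sketch of the steps listed in the reply above on an 871, added here as an illustration and not taken from the thread or from the poster's router. The 192.0.2.0/24 addresses, the inspection rule name TFW and the ACL name OUTSIDE-IN are constructed placeholders; Fa4 is assumed to face the edge router and Vlan1 to carry switch ports Fa0-Fa3.

```cisco
! Added example: transparent (bridged) IOS firewall between Fa4 and Vlan1.
! All names and addresses below are constructed placeholders.
!
! Stateful inspection rule; return traffic for inspected sessions is
! allowed back through the inbound ACL on the outside interface.
ip inspect name TFW tcp
ip inspect name TFW udp
!
! Optional: let DHCP requests and replies cross the bridge.
ip inspect L2-transparent dhcp-passthrough
!
! Bridge group with integrated routing and bridging, so the router can
! hold one management address on the bridged subnet.
bridge irb
bridge 1 protocol ieee
bridge 1 route ip
!
! Default-deny policy for traffic arriving from the edge router.
ip access-list extended OUTSIDE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
!
interface FastEthernet4
 description Outside, toward the edge router
 no ip address
 bridge-group 1
 ip access-group OUTSIDE-IN in
!
interface Vlan1
 description Inside, switch ports Fa0-Fa3
 no ip address
 bridge-group 1
 ip inspect TFW in
!
! The only IP address on the box lives on the bridge virtual interface.
interface BVI1
 description Management address on the bridged subnet
 ip address 192.0.2.2 255.255.255.0
!
! Route for the router's own management traffic via the edge router.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
```

Hosts on the class C keep their existing addresses and gateway because the 871 forwards at layer 2; `show ip inspect sessions` lists the sessions the firewall is tracking.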
03-13-2008 06:35 AM
Adding the IP to the bridge group and specifying the route was what I was missing. Thank you for pointing me to the doc; it was exactly what I needed.
03-13-2008 11:59 AM
But one more question.
If you wanted to utilize the SDM to configure firewall rules, you are required to add a second IP address. The two addresses are not allowed to overlap, yet both must be on the same subnet to pick up the traffic?