Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1679
Views
15
Helpful
3
Replies

Trunk configuration in ASA tranparent mode

Go to solution
MrBeginner
Spotlight
Spotlight

‎11-12-2020 07:04 PM

Hi,

I would like ask about tranparent mode ASA.

i want to integrate my network with customer network.

 

myl2 switch===>ASAtranparent===>customer switch.

 

Now problem is customer switch configure trunk port which connected to our firewall.

my side is create only one vlan on the switch .Firewall didn't create vlan.

So i would like to now can i create the trunk allow vlan in outside interface?

if i don't want to create the trunk link in outside interface what should we do?

let me know which way is the better?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP

‎11-14-2020 10:54 AM

I would say if there is no requirement to trunk the connection, it would be better to ask you customer to remove the trunk and set up the connected port to the outside interface in access mode.

If that is not an option, then you can do something like this on the firewall outside interface to work on the trunk link:

interface Gi0/0
 no nameif
 no security-level

interface Gi0/0.xxx
 vlan xxx
 nameif outside
 bridge-group 1
 security-level 0

interface Gi0/1
 nameif inside
 bridge-group 1
 security-level 100

interface BVI1
 ip address xxx.xxx.xxx.xxx 255.255.255.0

That should work. If you don't want to use trunk, just configure the outside interface similar to Gi0/1 changing the nameif and the security level.

View solution in original post

3 Replies 3

Go to solution
Aref Alsouqi
VIP
VIP

‎11-14-2020 10:54 AM

I would say if there is no requirement to trunk the connection, it would be better to ask you customer to remove the trunk and set up the connected port to the outside interface in access mode.

If that is not an option, then you can do something like this on the firewall outside interface to work on the trunk link:

interface Gi0/0
 no nameif
 no security-level

interface Gi0/0.xxx
 vlan xxx
 nameif outside
 bridge-group 1
 security-level 0

interface Gi0/1
 nameif inside
 bridge-group 1
 security-level 100

interface BVI1
 ip address xxx.xxx.xxx.xxx 255.255.255.0

That should work. If you don't want to use trunk, just configure the outside interface similar to Gi0/1 changing the nameif and the security level.

Go to solution
MrBeginner
Spotlight
Spotlight
In response to Aref Alsouqi

‎11-15-2020 06:50 PM - edited ‎11-15-2020 09:44 PM

Hi @Aref Alsouqi ,

let me know if i configure my switch port which connected to ASA inside interface and customer switch port which connected to asa outside interface are access port and same vlan ,it should work ?

 

Or can we allow all vlan on trunk link ?

Go to solution
Aref Alsouqi
VIP
VIP
In response to MrBeginner

‎11-15-2020 10:16 PM

Yes, you can configure both switches ports connected to both interfaces of the ASA in the same VLAN, that should work.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card