Saved

:

ASA Version 9.1(1)

!

firewall transparent

<--- More --->

hostname ciscoasa

enable password

xlate per-session deny tcp any4 any4

xlate per-session deny tcp any4 any6

xlate per-session deny tcp any6 any4

xlate per-session deny tcp any6 any6

xlate per-session deny udp any4 any4 eq domain

xlate per-session deny udp any4 any6 eq domain

xlate per-session deny udp any6 any4 eq domain

xlate per-session deny udp any6 any6 eq domain

passwd

names

!

interface Ethernet0/0

nameif TRUSTED

bridge-group 1

security-level 100

!

interface Ethernet0/1

nameif UNTRUSTED

bridge-group 1

security-level 0

!

interface Ethernet0/2

<--- More --->

shutdown

no nameif

no security-level

!

interface Ethernet0/3

shutdown

no nameif

no security-level

!

interface Management0/0

management-only

shutdown

nameif MGT

security-level 100

ip address 10.10.10.212 255.255.255.0

!

interface BVI1

ip address 10.10.2.250 255.255.255.0

!

boot system disk0:/asa911-k8.bin

ftp mode passive

object-group network Trusated1

object-group network Untrusted1

object-group network Trusted

<--- More --->

object-group network Untrusted

object-group network Call_MGR

object-group network Trusted2

object-group network Untrusted2

object-group service DM_INLINE_SERVICE_1

service-object ip

object-group service DM_INLINE_SERVICE_2

service-object ip

access-list UNTRUSTED_access_in extended permit ip any any

access-list UNTRUSTED_access_in extended permit ip any4 any4

access-list TRUSTED_access_in extended permit ip any any

pager lines 24

logging enable

logging asdm informational

mtu TRUSTED 1500

mtu UNTRUSTED 1500

mtu MGT 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

no arp permit-nonconnected

access-group TRUSTED_access_in in interface TRUSTED

access-group UNTRUSTED_access_in in interface UNTRUSTED

<--- More --->

timeout xlate 3:00:00

timeout pat-xlate 0:00:30

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

aaa authentication enable console LOCAL

aaa authentication ssh console LOCAL

http server enable

http 10.10.10.156 255.255.255.255 MGT

http 10.10.10.211 255.255.255.255 MGT

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

crypto ipsec security-association pmtu-aging infinite

crypto ca trustpool policy

telnet timeout 5

ssh 10.10.10.156 255.255.255.255 MGT

ssh timeout 5

console timeout 0

<--- More --->

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

tftp-server MGT 10.10.10.162 C:\asa841-k8.bin

username cisco password privilege 15

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

<--- More --->

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

call-home reporting anonymous prompt 1

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e

: end

Sorry;  You do not have the correct answer.  This firewall is in a  closed lab and not on the internet. 

I did I write erase and rebooted on 9.1.  I ensured the firewall was still in transparent, yet I did not see the bvi interface nor the option to create one. 

configure terminal

int bvi1 ( is an unrecognized command in 9.02 and 9.11)

upgrading from 8.4 to 9.02 seems to hold the bvi interface. 

I think we may have found a bug.

Any insights or can someone recreate this?

Hello,

That should not happen, is not that I do not trust you it's just that I have configure it and see it working

Log a session terminal on your favorite terminal app ( Putty, Secure CRT) and then show us the configuration , the mode is running,etc,etc

Regards

Ok we had to retype firewall transparent and then it took.  It is pinging now on 9.0 2 but not 9.1;  we had to wipe the device to get it to work as the upgrade was not good.

Great to hear that  ithe PING works now

Regards,