Cisco Firewall :: 5585 / Have Context In Transparent And Routed Mode?

Apr 24, 2012

Is it possible to have context in transperant mode and routed mode. Means if i need three context then 2 of them is in routed mode and one of them is in transperant mode. If yes then how, i can 't find this info in cisco website.?I am havin 5585-x and asa version 8.4?

View 8 Replies


ADVERTISEMENT

Cisco Firewall :: ASA 5585 Transparent Mode With Multiple Contexts

May 6, 2013

We are deploying the Cisco ASA 5585 in transparent mode with multiple contexts, the port-channel was configured to connect to the core switches using  dot1q trunk. We are experiencing an issue which is the core switches are configured loop guard globally, therefore the port-channel connected to the firewalls will be put into inconsistent state when the failover happen, and the two firewalls' failover can not fulfill the failover at last.
 
I have two queries below: 

1. Does the firewall allow the BPDU passing through when it is in standby mode, for example, secondary firewall is active for group 2 and standby for  group 1.  does the secondary firewall block the BPDU from the vlans under group1 ?   
2. Can we disable the loop guard feature on the switch port-channel or is there any other way to solve this issue ?

View 1 Replies View Related

Cisco Firewall :: ASA 5500 - Transparent And Routed Mode

Jun 26, 2012

have a Cisco ASA that I am trying to configure in a unique way, I want it to perform a variety of tasks;
 
VPN SSL
VPN Tunnels
Firewall Inside to Outside via versa
 
But the difficult task, is creating a DMZ with devices that are assigned fully routed IP addresses from our ISP directly, these are H323 and SIP devices that cannot use NAT, and must have a fully routed IP address assigned to them.
 
Obviously the problem I have with the Firewall in its default routed mode, is that it wont allow me to overlap IP addresses on the outside interface with the DMZ interface.
 
Could the Firewall be configured for Transparent mode between Outside and DMZ, but Routed mode between Outside and Inside?
 
Eth0/0: 10.0.0./24 (inside)
Eth0/1: 190.0.0.0/24 (dmz)
Eth0/2: 190.0.0.0/24 (outside)
 
[Code]....

But could the new Cisco ASA with the latest firmware and model be ale to do this with 1 physical firewall?

View 5 Replies View Related

Cisco Firewall :: ASA 5515 Transparent Mode / Multi Context And VLAN?

Jun 1, 2013

On ASA  5515  it shows it is in transparent mode  and it has multi context.As in transparent ASA  we know it has single Management IP address.This ASA is connected to  one switch  on two ports gi2 and gi3.One port carries vlan say 800  to the ASA.Other port carries vlan 500 from the ASA  to switch But when i log onto ASA  and do sh run it shows no VLan info there.

View 3 Replies View Related

Cisco Firewall :: CPU Usage Per Context On ASA 5585?

Jul 3, 2012

I am currently working with ASA 5585 with several contexts. What is the percentage of the CPU used per context. I already have the opportunity to do it for the whole ASA (context admin) using the SNMP mib CISCO-PROCES but, unfortunalty, this mib doesn't allow us to know the percentage of used CPU per context.
 
I was able to know the number of core used per context but not the percentage of the CPU used.

View 6 Replies View Related

Cisco Firewall :: 5585 Configuration BVI Transparent FW And VLAN

May 28, 2013

I have a problem whit the configuration of a Firewall ASA 5585 whit the BVI Interface and transparent Firewall, I have 2 VLAN that i want to interconnect.

The problem is whit the configuration of VLAN. The traffic does not cross the FW.

View 1 Replies View Related

Cisco Firewall :: ASA 8.4 In Multiple Context Mode With Different Amounts Of Context

Jan 13, 2013

I have two ASA 5510 in an Active/Active failover configuration; On the first ASA I have a license for five security contexts, on the second one I have the default two. On the pair I configured seven security contexts and everything works as expected; so far so good. Let's suppose now that the first ASA (the one with the license for 5 contexts) goes up in smoke; all the contexts migrate to the surviving firewall and life is still good. But what happens if, for some reason, I need to reboot the second ASA before the first one is repaired? My guess is that it will come up with just its own license for two contexts and that I will not be able to operate all my virtual firewalls.

View 2 Replies View Related

Cisco Firewall :: ASA 5585 Multiple Context Licensing

Apr 27, 2011

I am looking to deploy a cloud/borderless network solution and cannot get my head around how the licenses (AnyConnect Mobile and essentials) will be applied in a multiple context deployment. Any correct documentation.

View 1 Replies View Related

Cisco Firewall :: 5585 - BVI Doesn't Show Up In Multi Context ASA

May 7, 2013

I have an ASA 5585 in transparent mode, multi-context. It seems that the option to configure a BVI in one of the traffic contexts isn't there. In other words, while I see the option to configure a bridge group interface in the admin context, no such option comes up in the traffic context.
[CODE]....

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 6509 - Is It Better To Setup Firewall As Transparent Or Routed

May 9, 2011

I am familiar with the PIX and ASA's.  We have two Cisco 6509's with a FWSM installed in both.  Our network is shown in the diagram.  We use Blue Coat Packetshapers and Barracuda Proxy appliances.  I plan on setting up HSRP on both 6509's for traffic coming from our ISP Cisco 2811's as well as use HSRP for our DMZ and internal network.  I would like to setup the firewalls for statefull failover.  We will be using PAT for our internal users and one-to-one static NAT for our DMZ. 

Is it better to setup the firewall's as transparent or routed?
 
Since the firewall is built into the switch, how do I insert the Barracuda proxies?  I can configure them as transparent or routed proxies.

View 2 Replies View Related

Cisco Firewall :: ASA 5585 Cannot Connect To Context Active In Failover Group 2

Nov 7, 2011

I am setting up a new pair of ASA 5585's in a multi-context, active/active failover design.  I cannot create management SSH connection to the contexts that are assigned to failover group 2.  With all the security contexts that are assigned to failover group 1 I can SSH to the inside interface IP and login without a problem.  When I try to do that to the group 2 contexts there is no response from the firewall at all, PuTTY just times out.
 
My firewalls are running version 8.2(4).  The contexts seem to be functioning normally in all other respects.

View 5 Replies View Related

Cisco Firewall :: How Many Default Virtual Context Counts With ASA 5585 Series

Feb 13, 2012

I prepare replace FWSM to ASA 5585 Series,but I confuse the default virtual context counts on ASA 5585.I used 3 virtual contexts on my old FWSM(1 admin context with 2 contexts).According the ASA configuration guide below. url...
 
It state the ASA 5585 have default 2 contexts,Does it state the ASA 5585 just have 2 contexts or  1 admin context plus "2" context (3 contexts available)

View 4 Replies View Related

Cisco Firewall :: ASA 9.X Routed - Inspect Traffic For All L3 And Transparent Contexts

May 12, 2013

We are currently looking at design models for a Multi-Tenancy solution.The firewall layer will be 2 X ASA's running 9.X to take advantage of VPN's in multiple context mode and mixed L3 and L2 contexts.
 
We will be delivering services through multiple L3 contexts (between 2 and 5 L3 contexts for services) and 1 transparent context for customers infrastructure  who will then have virtual firewalls for NAT's and VPN's etc withing their own environment.
 
I am not very experienced with IPS so my query is; if we were to get an IPS license for both ASA's how would the IPS fit in, can we use it to inspect traffic for all the L3 contexts and the transparent context?

View 4 Replies View Related

Cisco Firewall :: ASA5510 Single Mode / Move To Multi Context Mode

Sep 16, 2012

I got an ASA 5510 system currently in single context mode, with CSC SSM installed. Single ISP uplink to internet, no VPN. And now customer would like add another ISP uplink, without invest another box for HA.What come across my mind is make the current box into multi context. There's some area i need to concern and also need yours perspective on it.
 
Question 1: For making the firewall into multi context, am i need to do it from scratch, issue mode multiple command. Then rebuilt the current production config into one of the context, then another context meant for the new IPS uplink, and one admin context?
 
Question 2: For CSC -SSM licensing requirement, model ASA 5510 with security plus license is able to support 2 context. So if i split my firewall like what i mention in question, what exactly number of context do i own (admin, context A, context B)?
 
Question 3: For CSC-SSM module in multi context mode, so the management port of CSC SSM must attach at admin context?
 
Question 4: After configured all the policy and traffic to scan, how exactly i should do in order apply this policy to the interface?  Should i only enable at admin context, then firewall service-policy rules, and apply it global, OR should i also do the same action on context A and Context B?

View 3 Replies View Related

Cisco Firewall :: ASA Firewall Positioning In Transparent Mode Between 6509 Core Switch And WLC

Apr 26, 2011

I do have the below setup,,
 
1. I have 6509 switch
 
2. I have 2 WLC configured in Active/Active mode connected in Trunk mode (L2 Port-Channel) connected with 6509 switch
 
3. On switch side i have configured the port as Trunk
 
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
 
I would like to introduce a Cisco ASA 5520 firewall with AIp-SSM module so that all wirelees traffic can be inspected.
 
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?

View 2 Replies View Related

Cisco Firewall :: ASA5512-X - ASDM In Firewall Transparent Mode

Dec 3, 2012

I would like to configure an ASA5512-X in firewall transparent mode, but I am having trouble getting ASDM to lauch when I do.
 
I have created a BVI interface with an IP address, and I hve enabled the mangement interface, but ASDM does not lauch when I enter the IP adress of the BVI I created.
 
Apprently you need to use the bridge-group command to assign an interfce to a bridge group. When I enter this command at the (config-if) prompt for Management 0/0, this command is not recognized.
 
What are the general steps for configuring the management interface to be able to launch ASDM in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 5512X IPS In Transparent Mode

Dec 19, 2012

I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.

View 5 Replies View Related

Cisco Firewall :: Is It Possible For 5505 ASA To Be In Transparent Mode

Feb 20, 2013

Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using.  The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Transparent Mode

Sep 15, 2012

I just have 1 question. I am going to be getting U Verse installed at my house and have been having a hard time finding this in the documentation. The modem I am going to be getting is the 3800HGV-B. Over on the ATT forum users are stating that the modem needs every MAC of every potential IP. I thought about using it's DMZ Plus mode but I am getting a block of 8 IP's and it doesn't seem to play nice unless it see's 5 different MAC's. Right now I have my 5505 in routed mode so I don't believe it passes the MAC of the client's through. Will the ASA pass the MAC of the client's through to the modem with the appropriate ACL's applied?

View 2 Replies View Related

Cisco Firewall :: Asa 5520 Context Mode

Jan 14, 2013

We have a pair of cisco Asa 5520 currently running multiple context mode. We wish to change to single context mode for following reasonWe will migrate infrastructure to hosted vendor . I was thinking of configuring site to site . Current Asa we pal to kee since wireless sits in our DMz and we have net screen that hosts tunnel for erp1. Is context change required for running site to site2. Is it a good idea for creating site to site on to make sure wireless network and oracle traffic goes through managed firewall ?

View 22 Replies View Related

Cisco Firewall :: ASA5510 Firewall Transparent Mode

Sep 10, 2012

i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Firewall Is In Transparent Mode

Apr 10, 2013

We've in our company a Cisco Asa 5510 v8.4(3), Asdm 6.4(7) and a SSM-CSC-10-K9. The firewall is in transparent mode. I get an exchange 2003 SP2 server behind. When users trying to send mailing lists with many recipients (above 300), the Exchange server didn't send these mails. I'm pretty sure that this problem come from the ASA Firewall, because when I plug my server directly on my Internet Connection, the mailing list is sent. I've search on the web, and disable "ESMTP Inspection", but it didn't work. [code]

View 4 Replies View Related

Cisco WAN :: ASA5500 Transparent Multi Mode Firewall

Feb 4, 2012

Recently i have configured ASA5550 with 2 Contexts in Transparent mode. Traffic can pass through a single Firewall context but through both contexts it couldn't.

View 0 Replies View Related

Cisco Firewall :: Failover Transparent Mode ASA 5520?

Sep 19, 2012

Recently, I unable to configure the failover on bridge group in transparent mode . I have five interfaces .out of this only 3 is showing in the show run config . Whether I can config failover on on of the data interfaces.
 
I have the ASA 5520 with the version ASA Version 7.2(4) <context>

View 3 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Mode Setup?

Dec 5, 2011

i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :

int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
 http server enable
http 172.17.104.0 255.255.255.0 inside
 
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction

View 2 Replies View Related

Cisco Firewall :: ASA 5505 In Transparent Mode Traffic?

Oct 23, 2011

I've  setup my Cisco ASA 5505 in transparent mode. I have a Cisco 1841  connecting to the ISP (DHCP client) and F0/0 for inside. The 1841 is the  DHCP server.  I have my ASA 5505 behind the 1841 in transparent mode  (Vlan 1 for Outside and Vlan 1 for inside). The router config is  good as when you connect a computer straight to the inside interface I  get DHCP and can go to internet, no problems what so ever. But When  you're trying to go through ASA isn't not working.  if I add a ip any any statement to the access list it will work but  having an "ip any any" in a access list is like having no firewall at  all.

ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(4)
!
firewall transparent
hostname ciscoasa
enable password zmQ6OnxvsOOEDNAy encrypted

[code]....

View 4 Replies View Related

Cisco Firewall :: ASA5505 Transparent Mode Not Working

Feb 19, 2013

I have a cisco ASA5505 configured in transparent mode. This evening we attempted to plug a couple of new servers in but they simply didnt work, despite our test server working absolutely fine. The server IP's are all in a network object group (the same as the test server) and they're all using the same ACLs etc. I'm relatively new to configuring cisco equipment.
 
the only thing I can think of is a static route I had to add to get the managemet IP to work might be causing problems.route outside 0.0.0.0 0.0.0.0 XX.XXX.132.1 1(IP addresses obfuscated- servers are all in the same range so assume XX.XXX is the same across all IP's).

View 7 Replies View Related

Cisco Firewall :: ASA5510 - LACP In Transparent Mode

Mar 3, 2013

I understand that in transparent mode an ASA5510 would only be able to have two interfaces, inside and outside. My question is could one of those logical interfaces be an LACP'd interface, made up of two physical interfaces. Topology below. I understand that the router and ASA5510 are SPOF here, so it is a bit of a moot point, but we're connecting already existing infrastructures together!
 
|-------–---|      |---------|        
| Switch 1  |------|         |        
|-----------|      | ASA5510 |         |----------|
     | |           | (transp |---------|  Router  |
|-------–---|      |  mode)  |         |----------|
| Switch 2  |------|         |        
|-----------|      |---------|        

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Can Transparent Mode Use / 30 And Still Work

Oct 9, 2012

I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router.  I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA.  The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic.  Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA
 
ISP-------->ASA-------->Router 
 
Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other.  Will this work?

View 4 Replies View Related

Cisco Firewall :: ASA 8.4 Transparent Mode Creation Of Sub Interfaces

Jul 30, 2012

On the ASA running  the 8.4.4.1 code in transparent mode. Can I create sub interfaces in different vlans and attach them to different BVI groups?
 
switch---trunk---ASA---Trunk---switch
 
Gig0/1.1 vlan 100 bridge-gr1          Gig0/2.1 vlan 101 bridge-gr1
Gig0/1.2 vlan 200 bridge-gr2          Gig0/2.2 vlan 201 bridge-gr2

View 6 Replies View Related

Cisco Firewall :: SSLVPN 9.0 / Web Vpn In Multiple Context Mode?

Mar 11, 2013

We already know that ASA 9.0 supports site-to-site VPN in multiple context mode. But remote access VPN isn't supported. Obviously, SSL-VPN is a very important feature for most multi-tenant deployment scenarios where each context acts as a border firewall towards the Internet for each tenant. The alternative to terminate all tenant remote-access VPNs in one context means that each tenant would have to be routable from the ASA, which of course isn't a reasonable requirement in most cases.
 
So, what I'd like to do is to deploy an ASA cluster, and provide remote access VPNs for each tenant, where the connectivity for each remote access group can be addressed with whatever IP address space, and that goes into it's own VRF in the back-end.
 
As far as I can tell, this isn't doable with the ASA, since multiple context mode prohibits the use of remote access VPN, and I can't think of any other work-around than either having individual firewalls running in single context mode for each tenant, or demand that all tenants are interoperable routing-wise and configure a separate ip address pool in a single context mode for each tenant.
 
Essentially, there's no good way to implement this with multiple virtual firewalls, using cisco firewalls?

View 1 Replies View Related

Cisco Firewall :: Basic Config Transparent Mode ASA 5510

Apr 19, 2012

I m trying to set my friewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address  58-98-35-2a-4c-39) I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and i have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9)
 
So i need to configure 3 interface in my ASA.
- OUTSIE e0/0(I call it INTERNET)
- INSIDE e0/1(I call it LAN)
- MANGEMENT m0/0(I call it MANAGEMENT)
 
[Code]....
 
But with this config when I plug the firewall, i dont have access to internet anymore.

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved