I have one firewall need to be configured in transparent mode. I have inside and outside router. What is the configuration of transparent firewall ASA8.2. I didn't find the configuration on Cisco site.
View 17 RepliesI am trying to set the PIX firewall to transparent mode.After I set it to transparent firewall, I allowed all icmp, tcp, udp traffics.Currently, any devices in the inside network can get the ip automatically from DHCP server in the outside network but cannot ping to any servers in the outside network either access the internet.Do I need additional confiration on the firewall?
Here's the configuration:
PIX Version 7.0(1)
firewall transparent
names
!
interface Ethernet0
[Code]....
I want to configure an ASA 5505 in transparent mode (7.x). Somehow, I got it to work.. but i need some kind of step by step description. I just want to connect it with outside on a route .. inside in my LAN. Its working now with one ASA. But in the Web Interface the Interfaces inside and outside are down.. but its working.
View 5 Replies View RelatedI have a problem whit the configuration of a Firewall ASA 5585 whit the BVI Interface and transparent Firewall, I have 2 VLAN that i want to interconnect.
The problem is whit the configuration of VLAN. The traffic does not cross the FW.
I am in the process of adding a new ASA 5550 as a standby box to an existing ASA 5550 running on transparent mode. Both are on version ASA 8.0(4) and ASDM 6.2(1). I have set the new ASA 5550 to transparent mode. The configurations are the following for the HA: [code]My questions are the following:
1. The management ip address is different than the ip used for the failover link. Since the firewalls are on transparent mode, does the failover ip needs to be the same as the management ip address?
2. Does any other additional config is needed for HA to work for basic active/stand-by failover?
3. Which is the best method to add the second box without disrupting the active box?
I am very confused on how I setup a Pix 515 that I just got to route traffic out a cable modem. First, let me give you a little details on my current network setup and what I am trying to accomplish with this Pix 515. Currently all my users go out the proxy for any internet access, however I have certain users that need to go out the cable modem instead of the proxy server. Below is an example of the current IP setup of a user A:The cable modem that we currently have has DHCP so I would need the external PIX address to accept a DHCP address. I also don't really understand what else I need to setup so if I have say four users hitting the cable modem through the pix how do I direct their web traffic to the correct computer (NAT ?),I will be plugging the PIX into a cisco switch that all ports are in VLAN 48 so hopefully a static internal address on the pix of 10.24.48.254 will keep me from having to do any routes since all traffic will be originating from the 10.24.48.0 network.
View 1 Replies View RelatedWe have purchased a new Websense 10000 Appliance and I'm not a hundred percent how to set this up. I see that URL Filtering is a possibility and WCCP, which way to move forward on implementing this?
View 4 Replies View RelatedI am trying to set up my Cisco 520 router with a firewall that will: Allow port 80 traffic to the vlan 20,Block all other incomming ports to vlan 20 (unless initalised from inside),Allow all outgoing ports on vlan 20,Block all access from vlan 20 to vlan 10 (unless initalised from vlan 10)
View 35 Replies View RelatedI have a problem with the configuration of the ACL of my ASA 5505 router.However, the syntax seems okay,access-list 121 extended deny icmp 192.168.0.0 255.255.255.0 .
View 3 Replies View RelatedI have existing Sonic FW in my company we are moving from sonic FW to ASA 5510 Security plus lice. I have two ISP currently connected to sonic Firewall I am planning to implement Dual ISP configuration on ASA5510.
View 12 Replies View RelatedI've gotten to the point where I can test against active directory and get in, also I can get AD groups from my server on the ASA. My problem, I can't connect in via my AnyConnect client on my Android. I immediately get a "log in failed" and I know I'm using the right username/pass. Doing a little troubleshooting, I have attached my AnyConnect debug log and the results of the "debug ldap 255" command on the ASA. Also, I've used ldp.exe to determine I can connect in with the username/password combo I'm using.Combing through the AnyConnect logs I see a few instances of "global error unexpected" but no Google searches have brought up anything useful.
View 7 Replies View RelatedI do have the below setup,,
1. I have 6509 switch
2. I have 2 WLC configured in Active/Active mode connected in Trunk mode (L2 Port-Channel) connected with 6509 switch
3. On switch side i have configured the port as Trunk
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
I would like to introduce a Cisco ASA 5520 firewall with AIp-SSM module so that all wirelees traffic can be inspected.
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?
I have an asa 5520. How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?
View 1 Replies View RelatedI would like to configure an ASA5512-X in firewall transparent mode, but I am having trouble getting ASDM to lauch when I do.
I have created a BVI interface with an IP address, and I hve enabled the mangement interface, but ASDM does not lauch when I enter the IP adress of the BVI I created.
Apprently you need to use the bridge-group command to assign an interfce to a bridge group. When I enter this command at the (config-if) prompt for Management 0/0, this command is not recognized.
What are the general steps for configuring the management interface to be able to launch ASDM in transparent mode?
Trying to set up a asa 5505 in transparent firewall mode. I cannot set the management ip address:
ciscoasa> enable
Password:
ciscoasa# config term
[Code].....
I am configuring an ASA5540 firewall for a client, only difference to usual being that it is to run in Transparent mode. I have looked through for an EAL4 transparent firewall config guide but found nothing and therefore assumed that the usual one would be used.The clients security bod has now come back and insisted MAC filtering should be used but I can find no reference of this anywhere. Does MAC filtering is required to make a transparent box EAL4 compliant and if so where I can find documentation supporting this?
View 1 Replies View Related I'm trying to install an ASA 5510 transparent firewall using ASA version 8.4(3)9 but I don't understand how traffic will ever pass through my firewall if both interfaces are on the same sub net(V lan) as the host and it's default gateway? The reason I'm doing this is were installing UAG (or Direct Access) and the UAG appliance need to have public IP's but still be behind a firewall (see attached diagram).
Looking at the documentation (which all seems to be for 5505's running 8.2) it almost seems like i need to have the transparent firewall 'in-line' to the ISP router?, but this router services another IP address range on another v lan for other (routed) firewalls (not shown on diagram) so putting it 'in-line' is not possible. Surely this can't be the case can it? If not how is it supposed to be cabled up and configured so packets go through the firewall?
I am familiar with the PIX and ASA's. We have two Cisco 6509's with a FWSM installed in both. Our network is shown in the diagram. We use Blue Coat Packetshapers and Barracuda Proxy appliances. I plan on setting up HSRP on both 6509's for traffic coming from our ISP Cisco 2811's as well as use HSRP for our DMZ and internal network. I would like to setup the firewalls for statefull failover. We will be using PAT for our internal users and one-to-one static NAT for our DMZ.
Is it better to setup the firewall's as transparent or routed?
Since the firewall is built into the switch, how do I insert the Barracuda proxies? I can configure them as transparent or routed proxies.
I'm integrating a Cisco ASA5505 with a Websense proxy. I have a configuration setup where we have four routers which are used for Internet access. There are two VLAN's - Guest and Private. What I would like to achieve is making the use of available bandwidth by load distribution via GLBP, and filtering users web traffic. Two routers will be used for a GLBP group in one VLAN, and the other two routers will be used for GLBP in another VLAN.The users are connected to a Cisco 2960 switch and are in their respective VLAN's. I'm planning a 802.1q trunk to a Cisco ASA from the 2960 switch, carrying both VLAN's.What I would like to know is if there is a CSC module (or similar) which has Websense installed on it, and if it is possible to setup the ASA5505 in transparent mode to filter the traffic in this way? Hopefully this would allow multiple users to take advantage of the additional bandwidth, and not be restricted by using a traditional proxy setup which where all web traffic would be originating from a single MAC address.
View 1 Replies View Relatedi have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?
View 3 Replies View RelatedWe've in our company a Cisco Asa 5510 v8.4(3), Asdm 6.4(7) and a SSM-CSC-10-K9. The firewall is in transparent mode. I get an exchange 2003 SP2 server behind. When users trying to send mailing lists with many recipients (above 300), the Exchange server didn't send these mails. I'm pretty sure that this problem come from the ASA Firewall, because when I plug my server directly on my Internet Connection, the mailing list is sent. I've search on the web, and disable "ESMTP Inspection", but it didn't work. [code]
View 4 Replies View RelatedI have a question regarding transparent firewalls using BVIs.Based from the diagram above, ASA1 is in Transparent mode.Port Gi0 is assigned BVI-1 and port Gi1 is assigned BVI-2. Is it possible for network 1 to communicate with network 2 ?The traffic will be passing through Firewall towards the router, The router will do the routing and then forward it back to the firewall then towards network 2?I am thinking of making port Gi2 of the firewall a trunk and use subinterfaces in order to forward BVI headers to the router.
View 6 Replies View RelatedI am quite new to firewall, in my company one asa 5510 firewall is there.I configured inside, outside, dns, dhcp and nating.I need to config bandwidth limit (1Mbps) for inside port and I restruct like facebook, youtube and pornsites..And I heard that some subscription is required, really is it required?
View 1 Replies View RelatedASA 505 is connected to layer 3 switch.ASA is in transparent mode.Layer 3 switch has SVI Vlan 20 and also it has dhcp server for vlan 20.PC connected to transparent switch is not able to get the IP address from layer switch.I have config the ACL on outside interface of ASA to allow the DHCP reply coming from Switch.When i assign static IP to PC connected to port eth0/1 of ASA it works fine. [code]
View 4 Replies View RelatedI need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.
View 5 Replies View RelatedIs it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using. The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?
View 1 Replies View RelatedI just have 1 question. I am going to be getting U Verse installed at my house and have been having a hard time finding this in the documentation. The modem I am going to be getting is the 3800HGV-B. Over on the ATT forum users are stating that the modem needs every MAC of every potential IP. I thought about using it's DMZ Plus mode but I am getting a block of 8 IP's and it doesn't seem to play nice unless it see's 5 different MAC's. Right now I have my 5505 in routed mode so I don't believe it passes the MAC of the client's through. Will the ASA pass the MAC of the client's through to the modem with the appropriate ACL's applied?
View 2 Replies View RelatedRecently i have configured ASA5550 with 2 Contexts in Transparent mode. Traffic can pass through a single Firewall context but through both contexts it couldn't.
View 0 Replies View Related have a Cisco ASA that I am trying to configure in a unique way, I want it to perform a variety of tasks;
VPN SSL
VPN Tunnels
Firewall Inside to Outside via versa
But the difficult task, is creating a DMZ with devices that are assigned fully routed IP addresses from our ISP directly, these are H323 and SIP devices that cannot use NAT, and must have a fully routed IP address assigned to them.
Obviously the problem I have with the Firewall in its default routed mode, is that it wont allow me to overlap IP addresses on the outside interface with the DMZ interface.
Could the Firewall be configured for Transparent mode between Outside and DMZ, but Routed mode between Outside and Inside?
Eth0/0: 10.0.0./24 (inside)
Eth0/1: 190.0.0.0/24 (dmz)
Eth0/2: 190.0.0.0/24 (outside)
[Code]....
But could the new Cisco ASA with the latest firmware and model be ale to do this with 1 physical firewall?
Recently, I unable to configure the failover on bridge group in transparent mode . I have five interfaces .out of this only 3 is showing in the show run config . Whether I can config failover on on of the data interfaces.
I have the ASA 5520 with the version ASA Version 7.2(4) <context>
i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :
int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
http server enable
http 172.17.104.0 255.255.255.0 inside
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction
I've setup my Cisco ASA 5505 in transparent mode. I have a Cisco 1841 connecting to the ISP (DHCP client) and F0/0 for inside. The 1841 is the DHCP server. I have my ASA 5505 behind the 1841 in transparent mode (Vlan 1 for Outside and Vlan 1 for inside). The router config is good as when you connect a computer straight to the inside interface I get DHCP and can go to internet, no problems what so ever. But When you're trying to go through ASA isn't not working. if I add a ip any any statement to the access list it will work but having an "ip any any" in a access list is like having no firewall at all.
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(4)
!
firewall transparent
hostname ciscoasa
enable password zmQ6OnxvsOOEDNAy encrypted
[code]....
recently i have install asa 5520 (8.2) in my networks.Earlier I was using my transparent proxy with 2821 by the following configuration access-list 120 deny ip host 192.168.112.12 anyaccess-list 120 permit tcp any any eq wwwaccess-list 120 deny ip any any route-map PROXY-REDIRECT permit 10match ip address 120set ip next-hop 192.168.112.12 ip policy route-map PROXY-REDIRECT and was working fine. How i can use my transparent proxy with ASA?
View 2 Replies View Related