Cisco Firewall :: Failover Transparent Mode ASA 5520?

Sep 19, 2012

Recently, I unable to configure the failover on bridge group in transparent mode . I have five interfaces .out of this only 3 is showing in the show run config . Whether I can config failover on on of the data interfaces.
 
I have the ASA 5520 with the version ASA Version 7.2(4) <context>

View 3 Replies


ADVERTISEMENT

Cisco Firewall :: Configure ASA 5520 In Transparent Bridge Mode

Sep 20, 2012

I am new to cisco ASA. I need to configure ASA 5520 in transparent bridge mode. [code] I need to place the new asa firewall in transparent mode. How to configure the firewall in transparent bridgmode.

View 5 Replies View Related

Cisco WAN :: OSPF ASA 5520 In Failover Mode?

Apr 1, 2008

I currently have a set of firewalls in active standby configuration running an ospf process injecting a default route into the rest of my network.I noticed when i was testing the failover that the asa's do not actually pass the route tables on failover, thus forcing the need to wait for routes to converge and for the default route to be advertised back into the network. This of course is not acceptable.
 
Is there a way around this or do I have to setup static default routes on every device in my network. I am trying to avoid setting up default routes on all of the devices because due to the setup of my network I have equal cost links configured in the event of hardware or link failure. So the devices then see an advertised default route from multiple paths.

View 4 Replies View Related

Cisco Firewall :: ASA Firewall Positioning In Transparent Mode Between 6509 Core Switch And WLC

Apr 26, 2011

I do have the below setup,,
 
1. I have 6509 switch
 
2. I have 2 WLC configured in Active/Active mode connected in Trunk mode (L2 Port-Channel) connected with 6509 switch
 
3. On switch side i have configured the port as Trunk
 
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
 
I would like to introduce a Cisco ASA 5520 firewall with AIp-SSM module so that all wirelees traffic can be inspected.
 
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?

View 2 Replies View Related

Cisco Firewall :: ASA5512-X - ASDM In Firewall Transparent Mode

Dec 3, 2012

I would like to configure an ASA5512-X in firewall transparent mode, but I am having trouble getting ASDM to lauch when I do.
 
I have created a BVI interface with an IP address, and I hve enabled the mangement interface, but ASDM does not lauch when I enter the IP adress of the BVI I created.
 
Apprently you need to use the bridge-group command to assign an interfce to a bridge group. When I enter this command at the (config-if) prompt for Management 0/0, this command is not recognized.
 
What are the general steps for configuring the management interface to be able to launch ASDM in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 5512X IPS In Transparent Mode

Dec 19, 2012

I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.

View 5 Replies View Related

Cisco Firewall :: Is It Possible For 5505 ASA To Be In Transparent Mode

Feb 20, 2013

Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using.  The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?

View 1 Replies View Related

Cisco Firewall :: ASA 5505 - Transparent Mode

Sep 15, 2012

I just have 1 question. I am going to be getting U Verse installed at my house and have been having a hard time finding this in the documentation. The modem I am going to be getting is the 3800HGV-B. Over on the ATT forum users are stating that the modem needs every MAC of every potential IP. I thought about using it's DMZ Plus mode but I am getting a block of 8 IP's and it doesn't seem to play nice unless it see's 5 different MAC's. Right now I have my 5505 in routed mode so I don't believe it passes the MAC of the client's through. Will the ASA pass the MAC of the client's through to the modem with the appropriate ACL's applied?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: ASA5510 Firewall Transparent Mode

Sep 10, 2012

i have a ASA5510 in the office, that already configured 3 context, namely, admin, user, server.in the server context, the last running config was not saved, and there was a power trip last friday night. 1 of the sub interface was affected, and i need to recreate that interface.I am getting the below error, it only allow me to do changes those pre-defined interface.how to I create extra sub interface?

View 3 Replies View Related

Cisco Firewall :: ASA 5510 Firewall Is In Transparent Mode

Apr 10, 2013

We've in our company a Cisco Asa 5510 v8.4(3), Asdm 6.4(7) and a SSM-CSC-10-K9. The firewall is in transparent mode. I get an exchange 2003 SP2 server behind. When users trying to send mailing lists with many recipients (above 300), the Exchange server didn't send these mails. I'm pretty sure that this problem come from the ASA Firewall, because when I plug my server directly on my Internet Connection, the mailing list is sent. I've search on the web, and disable "ESMTP Inspection", but it didn't work. [code]

View 4 Replies View Related

Cisco WAN :: ASA5500 Transparent Multi Mode Firewall

Feb 4, 2012

Recently i have configured ASA5550 with 2 Contexts in Transparent mode. Traffic can pass through a single Firewall context but through both contexts it couldn't.

View 0 Replies View Related

Cisco Firewall :: ASA 5500 - Transparent And Routed Mode

Jun 26, 2012

have a Cisco ASA that I am trying to configure in a unique way, I want it to perform a variety of tasks;
 
VPN SSL
VPN Tunnels
Firewall Inside to Outside via versa
 
But the difficult task, is creating a DMZ with devices that are assigned fully routed IP addresses from our ISP directly, these are H323 and SIP devices that cannot use NAT, and must have a fully routed IP address assigned to them.
 
Obviously the problem I have with the Firewall in its default routed mode, is that it wont allow me to overlap IP addresses on the outside interface with the DMZ interface.
 
Could the Firewall be configured for Transparent mode between Outside and DMZ, but Routed mode between Outside and Inside?
 
Eth0/0: 10.0.0./24 (inside)
Eth0/1: 190.0.0.0/24 (dmz)
Eth0/2: 190.0.0.0/24 (outside)
 
[Code]....

But could the new Cisco ASA with the latest firmware and model be ale to do this with 1 physical firewall?

View 5 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Mode Setup?

Dec 5, 2011

i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :

int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
 http server enable
http 172.17.104.0 255.255.255.0 inside
 
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction

View 2 Replies View Related

Cisco Firewall :: ASA 5505 In Transparent Mode Traffic?

Oct 23, 2011

I've  setup my Cisco ASA 5505 in transparent mode. I have a Cisco 1841  connecting to the ISP (DHCP client) and F0/0 for inside. The 1841 is the  DHCP server.  I have my ASA 5505 behind the 1841 in transparent mode  (Vlan 1 for Outside and Vlan 1 for inside). The router config is  good as when you connect a computer straight to the inside interface I  get DHCP and can go to internet, no problems what so ever. But When  you're trying to go through ASA isn't not working.  if I add a ip any any statement to the access list it will work but  having an "ip any any" in a access list is like having no firewall at  all.

ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(4)
!
firewall transparent
hostname ciscoasa
enable password zmQ6OnxvsOOEDNAy encrypted

[code]....

View 4 Replies View Related

Cisco Firewall :: ASA5505 Transparent Mode Not Working

Feb 19, 2013

I have a cisco ASA5505 configured in transparent mode. This evening we attempted to plug a couple of new servers in but they simply didnt work, despite our test server working absolutely fine. The server IP's are all in a network object group (the same as the test server) and they're all using the same ACLs etc. I'm relatively new to configuring cisco equipment.
 
the only thing I can think of is a static route I had to add to get the managemet IP to work might be causing problems.route outside 0.0.0.0 0.0.0.0 XX.XXX.132.1 1(IP addresses obfuscated- servers are all in the same range so assume XX.XXX is the same across all IP's).

View 7 Replies View Related

Cisco Firewall :: ASA5510 - LACP In Transparent Mode

Mar 3, 2013

I understand that in transparent mode an ASA5510 would only be able to have two interfaces, inside and outside. My question is could one of those logical interfaces be an LACP'd interface, made up of two physical interfaces. Topology below. I understand that the router and ASA5510 are SPOF here, so it is a bit of a moot point, but we're connecting already existing infrastructures together!
 
|-------–---|      |---------|        
| Switch 1  |------|         |        
|-----------|      | ASA5510 |         |----------|
     | |           | (transp |---------|  Router  |
|-------–---|      |  mode)  |         |----------|
| Switch 2  |------|         |        
|-----------|      |---------|        

View 4 Replies View Related

Cisco Firewall :: ASA 5510 - Can Transparent Mode Use / 30 And Still Work

Oct 9, 2012

I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router.  I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA.  The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic.  Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA
 
ISP-------->ASA-------->Router 
 
Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other.  Will this work?

View 4 Replies View Related

Cisco Firewall :: ASA 8.4 Transparent Mode Creation Of Sub Interfaces

Jul 30, 2012

On the ASA running  the 8.4.4.1 code in transparent mode. Can I create sub interfaces in different vlans and attach them to different BVI groups?
 
switch---trunk---ASA---Trunk---switch
 
Gig0/1.1 vlan 100 bridge-gr1          Gig0/2.1 vlan 101 bridge-gr1
Gig0/1.2 vlan 200 bridge-gr2          Gig0/2.2 vlan 201 bridge-gr2

View 6 Replies View Related

Cisco Firewall :: Basic Config Transparent Mode ASA 5510

Apr 19, 2012

I m trying to set my friewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address  58-98-35-2a-4c-39) I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and i have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9)
 
So i need to configure 3 interface in my ASA.
- OUTSIE e0/0(I call it INTERNET)
- INSIDE e0/1(I call it LAN)
- MANGEMENT m0/0(I call it MANAGEMENT)
 
[Code]....
 
But with this config when I plug the firewall, i dont have access to internet anymore.

View 7 Replies View Related

Cisco Firewall :: 5585 / Have Context In Transparent And Routed Mode?

Apr 24, 2012

Is it possible to have context in transperant mode and routed mode. Means if i need three context then 2 of them is in routed mode and one of them is in transperant mode. If yes then how, i can 't find this info in cisco website.?I am havin 5585-x and asa version 8.4?

View 8 Replies View Related

Cisco Firewall :: ASA 5505 - Transparent Mode And Mac Address Table

Nov 28, 2011

I have an ASA 5505 in transparent mode. The device mac address table is always empty.

show mac-address-table and show mac-learn both come with empty response.

View 1 Replies View Related

Cisco Firewall :: ASA 5505 Transparent Mode And Management Access

Apr 26, 2012

I have a need to manage the 5505 outside of the 2 interfaces however I see it documented that Management access is only via the data path interface. This won't work for me because there will be NO management access on the data network being bridged through the firewall. Is there any option outside of going to routed mode or moving to the 5510?

View 1 Replies View Related

Cisco Firewall :: ASA 5585 Transparent Mode With Multiple Contexts

May 6, 2013

We are deploying the Cisco ASA 5585 in transparent mode with multiple contexts, the port-channel was configured to connect to the core switches using  dot1q trunk. We are experiencing an issue which is the core switches are configured loop guard globally, therefore the port-channel connected to the firewalls will be put into inconsistent state when the failover happen, and the two firewalls' failover can not fulfill the failover at last.
 
I have two queries below: 

1. Does the firewall allow the BPDU passing through when it is in standby mode, for example, secondary firewall is active for group 2 and standby for  group 1.  does the secondary firewall block the BPDU from the vlans under group1 ?   
2. Can we disable the loop guard feature on the switch port-channel or is there any other way to solve this issue ?

View 1 Replies View Related

Cisco Firewall :: 5512 - BGP Through ASA Versus Transparent Mode Deployment

Mar 8, 2013

I've been asked to deploy an ASA in Transparent Mode because of concerns of putting another layer 3 hop between PE and CE routers running BGP.
 
Is there some problem with allowing BGP to flow freely through an ASA the is also terminating site to site and remote access vpn tunnels?
 
I just don't see the need for Transparent Mode here and you cannot have a standard DMZ setup with Transparent Mode: you have to use bridge groups to provide for multiple interfaces on the ASA and then have an external router route between those bridge groups.
 
what I'm missing here as to why Transparent Mode is needed (not needed)

ASA is 5512

View 4 Replies View Related

Cisco Firewall :: 5580 - ASA Transparent Mode With Trunk Interfaces?

Jun 15, 2011

We have a 5580 that we want to connect to each of our 7K's as an internal firewall.  To minimize hassle, we will setup the ASA in transparent mode.I have been working on this all day today and have run into a stopping point.  If I put vlan 20 on a subinterface on Te7/0 which will connect to N7K_1 it works great.  When I try to put that same vlan on Te7/1 which connects to N7K_2, I get an error that says the vlan is already assigned to another interface.Our local Cisco SE told us that this would work.
 
My problem is that not all of our servers/systems are dual homed to both 7K's so I have to be able to get this to work because of potential asymmetric routing issues that we will be dealing with.How to get the 5580 to work in this configuration and can you share your config with me ?Using the redundant interface command isnt an option because I need for both interfaces to be able to route over both 7K's at all times.

View 3 Replies View Related

Cisco Firewall :: Debian Transparent Proxy With ASA 5520?

Apr 21, 2012

recently i have install asa 5520 (8.2) in my networks.Earlier I was using my transparent proxy with 2821 by the following configuration access-list 120 deny   ip host 192.168.112.12 anyaccess-list 120 permit tcp any any eq wwwaccess-list 120 deny   ip any any route-map PROXY-REDIRECT permit 10match ip address 120set ip next-hop 192.168.112.12 ip policy route-map PROXY-REDIRECT and was working fine. How i can use my transparent proxy with ASA?

View 2 Replies View Related

Cisco Firewall :: 6513 / All Traffic Move Via FWSM (Transparent Mode)

Apr 18, 2013

As I am planning to deploy FWSM Module in 6513 chassis and need your valuable comments regarding the strategy that I create for this deployment.Initially (Without FWSM Deployment) all internal traffic moves in this manner.
 
7613(G9/5) --> 6513(G10/4) --> ISA (Internal Int.) [NATing] (ISA External Int.) -->
6513(G9/45){This is L2 port in VLAN 164} --> VLAN 164(SVI Int,IP:192.168.40.20) -->
(G9/44){This is L2 port in VLAN 164}--> ASR 1002 -->Router -->Internet.
 
As you can see from the Image that I am planning to deploy FWSM in transparent mode in between VLAN 164(SVI Int,IP:192.168.40.20) -[FWSM here]->(G9/44){This is L2 port in VLAN 120}By putting Inside interface of FWSM in VLAN 164 and create a new VLAN  on 6513 i.e VLAN 120 and put G9/44 in it.know will this configuration will work regarding the passing of traffic through FWSM ? what improvement I have to made in this design. You can check the attached diagram.

View 3 Replies View Related

Cisco Firewall :: 5505 Transparent Mode Doesn't Pass Traffic

Dec 4, 2012

  asa 5505 do not pass traffic as a patch cord, how to make it pass traffic? [code]

View 2 Replies View Related

Cisco Firewall :: ASA 5515 Transparent Mode / Multi Context And VLAN?

Jun 1, 2013

On ASA  5515  it shows it is in transparent mode  and it has multi context.As in transparent ASA  we know it has single Management IP address.This ASA is connected to  one switch  on two ports gi2 and gi3.One port carries vlan say 800  to the ASA.Other port carries vlan 500 from the ASA  to switch But when i log onto ASA  and do sh run it shows no VLan info there.

View 3 Replies View Related

Cisco Firewall :: ASA 5540 - Port Blocking For Voice In Transparent Mode

Dec 20, 2012

i am using asa5540 with 7.0(8). firewall was configured in transparent mode.
 
now i am looking for block ip phone communication from site to site and head office. i am using cucm 7.1.2b.
 
all site was connected through ofc. no nat was using.

View 1 Replies View Related

Cisco Firewall :: 5515-X Management Access To Transparent Multi-mode Security Contexts

Jan 23, 2013

I have setup a 5515-X in transparent multi-mode and setup 5 security contexts with inside and outside ports, one admin and 4 others. The problem I have run into is setting up a management IP for each context. On one of my other transparent firewalls in production we were able to apply an IP to the security context (not interface) however the new firewall is running the latest software and this same functionality is not available. The only options for IP in context mode is IP AUDIT. So my next plan was to create sub-interfaces of the management interface and assign one to each context however the 5515-x does not allow sub-interfaces on the management interface. How I setup a management IP on each context?
 
Another interesting thing i read is that the managment IP assigned to a context  (if i could figure out how to set it up), has to be in the same subnet as the data interface which if fine but it also says that the management interface should not be connected to the same switch as the data interface because of MAC address table update issues, meaning that i could not use a sub-interface of one of the already configured context ports.

View 3 Replies View Related

Cisco Firewall :: Cat6509 / FWSM - Default Route Per Bridge Group In Transparent Mode

Nov 14, 2011

I want to set up FWSM 4.1 on Cat6509 with multiple bridge groups in one transparent context. (as the manual says it can support up to 8 bridge-groups and the intent is to save security contexts) For a host in VLAN21 (b1_inside) to talk to a host in VLAN41 (b2_inside), traffic needs to be go out to MSFC which routed back the traffic through the FWSM. My question is how can I define a default route per bridge-group, I would assume FWSM should take the following two default routes per bridge-group interface but it won't;  

route b1_outside 0.0.0.0 0.0.0.0 10.11.75.1 1
route b2_outside 0.0.0.0 0.0.0.0 10.11.76.1 1
 
seems like it allows only one default route per the context and gives me an error - "ERROR: Cannot add route entry, possible conflict with existing route"
 
How can I achieve outside per individual bridge-group?
 
 FWSM  context config:
 
Interface VLAN11
nameif b1_outside
bridge-group 1
security-level 0
!
Interface VLAN21
nameif b1_inside

[code]...

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved