Hi,

For a transparent firewall, you can only split a single network into two separate
networks bridged by the FW.

The FW interfaces will need to be in a unique VLAN in a single-switch
scenario, while for a two-switch scenario the VLAN may be the same.

The FW int can carry traffic for multiple VLANs; that's why you cannot
trunk it. Also, in multi-context mode, the interface can't be shared.

Regards.
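As an added illustration of the single-switch case described in the reply above (this is a constructed example, not configuration from either poster), the switch places the ASA's two access ports in different VLANs while the routers on both sides keep addresses from the same 10.20.30.0/24 subnet. The VLAN numbers, port numbers, ASA interface names and the pre-8.4 style global management address are assumptions; the thread does not state an ASA version.

```cisco
! ---- Switch side (constructed example) ----
! One IP subnet, two VLANs. Frames only cross between VLAN 2 and VLAN 12
! through the ASA, which is what makes the firewall sit in the path.
vlan 2
 name inside-segment
vlan 12
 name outside-segment
!
interface FastEthernet0/1
 description R1 10.20.30.43 (assumed port)
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/2
 description ASA inside (Ethernet0/1)
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/3
 description ASA outside (Ethernet0/0)
 switchport mode access
 switchport access vlan 12
!
interface FastEthernet0/4
 description R3 10.20.30.42 (assumed port)
 switchport mode access
 switchport access vlan 12

! ---- ASA side (constructed example, pre-8.4 transparent-mode syntax) ----
firewall transparent
!
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown
!
! Management address on the bridged segment; R1 and R3 do not use it as a
! gateway, they still see each other as directly connected on 10.20.30.0/24.
ip address 10.20.30.1 255.255.255.0
!
! Traffic from inside (100) to outside (0) is allowed by default and the
! return path is opened by stateful inspection. Anything initiated from the
! outside toward R1 must be permitted explicitly, for example:
access-list outside_in extended permit icmp any any
access-group outside_in in interface outside
```

The two VLANs must differ on a single switch because the switch would otherwise forward R1's frames straight to R3 inside VLAN 2 without ever handing them to the ASA, and bridging two ports of the same VLAN through the ASA would also create a loop. With two physical switches (one per side) the same VLAN number can be reused, since the only path between the switches is the ASA itself.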




________________________________
From: Kingsley Charles <[email protected]>
To: [email protected]
Sent: Sunday, October 4, 2009 9:47:33 AM
Subject: [OSL | CCIE_Security] Transparent firewall with trunking


Hi all
 
I am trying trunking with a transparent firewall with the following topology:
 
 
     10.20.30.43                                    10.20.30.42
R1 (vlan2)-----|                                 |-----(vlan2) R3
            Switch ---Trunking--- ASA ---Trunking--- Switch
R2 (vlan3)-----|                                 |-----(vlan3) R4
     20.10.30.43                                    20.10.30.42
 
 
I have four routers. 
 
R1 and R2 are connected to switch 1 in vlan 2 and vlan 3 respectively.
R3 and R4 are connected to switch 1 in vlan 2 and vlan 3 respectively.
 
ASA G0/1 is connected to switch 1 with trunking.
ASA G0/0 is connected to switch 2 with trunking.
 
 
vlan 2 - 10.20.30.0
vlan 3 - 20.10.30.0
 
 
Based on my investigation, it seems we can't achieve this. During the initial
config itself, I am facing an issue. If I associate vlan 2 with e1.2, then I am
not able to associate vlan 2 with e0.2 again.
 
 
interface Ethernet1
 no nameif
 no security-level
!
interface Ethernet1.2
 vlan 2
 nameif vlan2
 security-level 100
!
interface Ethernet1.3
 vlan 3
 nameif vlan3
 security-level 100
 
pixfirewall(config-subif)# vlan2
ERROR: VLAN 2 has been assigned to another interface
 
pixfirewall(config-subif)# vlan3
ERROR: VLAN 3 has been assigned to another interface
 
 
 
I am not able to configure a transparent firewall across VLANs, but how do we do it
if there is a case where I need a transparent firewall across a trunk that carries
many VLANs? Is it possible with an ASA transparent firewall?
 
 
With regards
Kings


      
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com