You need a unique VLAN on the FW on IN and OUT.

Jason

Sent from my iPhone

On Sep 1, 2012, at 4:02 PM, Steven van Jaarsveld <[email protected]> wrote:

> Hi List
>
> I am trying to implement an ASA5520 with an AIM-SSP-20 IPS Module in
> transparent mode between an existing Cisco ASA FW that performs NAT and the
> client’s Internet Router. The reason the customer wants the IPS here is to
> scan the traffic that is destined for the Web Production DMZ. I have
> configured the ASA5520 with an IP Address in the same Subnet as the Subnet
> between the Internet Router and the Existing ASA but I am not getting any joy
> with passing traffic through the FW. I have disabled the IPS for now. Below
> is a diagram and the ASA configuration is attached
>
> <image003.png>
>
> Regards
> Steven
> <MZSW-MCNET-IPSFW - 2012-09-01.txt>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
