Unique vlan or different. I thought we need different vlan for traffic to pass through.
On Saturday, September 1, 2012, Steven van Jaarsveld wrote: > Hi All**** > > ** ** > > This is working now. I rechecked the Switch interfaces and the Interface > connecting to the “Inside” Interface of the Transparent FW was configured > as a Trunk. Changed this to an Access Port and traffic is passing through > the Transparent FW now. Sending this email whilst connected to the LAN and > going through both the Routed FW and the Transparent FW.**** > > ** ** > > Thanks for all the advice**** > > ** ** > > Regards**** > > Steven**** > > ** ** > > *From:* Jason Madsen [mailto:[email protected] <javascript:_e({}, > 'cvml', '[email protected]');>] > *Sent:* 02 September 2012 12:58 AM > *To:* Steven van Jaarsveld > *Cc:* ccie_security > *Subject:* Re: [OSL | CCIE_Security] Transparent Firewall With IPS**** > > ** ** > > You need a unique VLAN on the FW on IN and OUT. **** > > ** ** > > Jason > > Sent from my iPhone**** > > ** ** > > > On Sep 1, 2012, at 4:02 PM, Steven van Jaarsveld < > [email protected] <javascript:_e({}, 'cvml', > '[email protected]');>> wrote:**** > > Hi List**** > > **** > > I am trying to implement an ASA5520 with an AIM-SSP-20 IPS Module in > transparent mode between an existing Cisco ASA FW that performs NAT and the > client’s Internet Router. The reason the customer wants the IPS here is to > scan the traffic that is destined for the Web Production DMZ. I have > configured the ASA5520 with an IP Address in the same Subnet as the Subnet > between the Internet Router and the Existing ASA but I am not getting any > joy with passing traffic through the FW. I have disabled the IPS for now. > Below is a diagram and the ASA configuration is attached **** > > **** > > <image003.png>**** > > **** > > **** > > Regards**** > > Steven**** > > <MZSW-MCNET-IPSFW - 2012-09-01.txt>**** > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com**** > > -- FNK, CCIE Security#35578
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
