Same VLAN on both Interfaces (Inside and Outside)

From: Fawad Khan [mailto:[email protected]]
Sent: 02 September 2012 01:36 AM
To: Steven van Jaarsveld
Cc: Jason Madsen; ccie_security
Subject: Re: [OSL | CCIE_Security] Transparent Firewall With IPS

Unique vlan or different. I thought we need different vlan for traffic to pass through.

On Saturday, September 1, 2012, Steven van Jaarsveld wrote:

Hi All

This is working now. I rechecked the Switch interfaces and the Interface connecting to the "Inside" Interface of the Transparent FW was configured as a Trunk. Changed this to an Access Port and traffic is passing through the Transparent FW now. Sending this email whilst connected to the LAN and going through both the Routed FW and the Transparent FW.

Thanks for all the advice

Regards
Steven

From: Jason Madsen [mailto:[email protected]]
Sent: 02 September 2012 12:58 AM
To: Steven van Jaarsveld
Cc: ccie_security
Subject: Re: [OSL | CCIE_Security] Transparent Firewall With IPS

You need a unique VLAN on the FW on IN and OUT.

Jason

Sent from my iPhone

On Sep 1, 2012, at 4:02 PM, Steven van Jaarsveld <[email protected]> wrote:

Hi List

I am trying to implement an ASA5520 with an AIM-SSP-20 IPS Module in transparent mode between an existing Cisco ASA FW that performs NAT and the client's Internet Router. The reason the customer wants the IPS here is to scan the traffic that is destined for the Web Production DMZ.

I have configured the ASA5520 with an IP Address in the same Subnet as the Subnet between the Internet Router and the Existing ASA but I am not getting any joy with passing traffic through the FW. I have disabled the IPS for now.

Below is a diagram and the ASA configuration is attached

<image003.png>

Regards
Steven

<MZSW-MCNET-IPSFW - 2012-09-01.txt>

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com

--
FNK, CCIE Security#35578
