So here is the thing: I just deployed a "virtual wire" Palo Alto Networks next-gen firewall, and that does require a different VLAN for traffic to pass through. I must have mixed up the two concepts. Sorry, guys.
On Saturday, September 1, 2012, Steven van Jaarsveld wrote:

> Same VLAN on both Interfaces (Inside and Outside)
>
> *From:* Fawad Khan [mailto:[email protected]]
> *Sent:* 02 September 2012 01:36 AM
> *To:* Steven van Jaarsveld
> *Cc:* Jason Madsen; ccie_security
> *Subject:* Re: [OSL | CCIE_Security] Transparent Firewall With IPS
>
> Unique vlan or different. I thought we need different vlan for traffic to pass through.
>
> On Saturday, September 1, 2012, Steven van Jaarsveld wrote:
>
> Hi All
>
> This is working now. I rechecked the Switch interfaces and the Interface connecting to the “Inside” Interface of the Transparent FW was configured as a Trunk. Changed this to an Access Port and traffic is passing through the Transparent FW now. Sending this email whilst connected to the LAN and going through both the Routed FW and the Transparent FW.
>
> Thanks for all the advice
>
> Regards
>
> Steven
>
> *From:* Jason Madsen [mailto:[email protected]]
> *Sent:* 02 September 2012 12:58 AM
> *To:* Steven van Jaarsveld
> *Cc:* ccie_security
> *Subject:* Re: [OSL | CCIE_Security] Transparent Firewall With IPS
>
> You need a unique VLAN on the FW on IN and OUT.
>
> Jason
>
> Sent from my iPhone
>
> On Sep 1, 2012, at 4:02 PM, Steven van Jaarsveld <[email protected]> wrote:
>
> Hi List
>
> I am trying to implement an ASA5520 with an AIM-SSP-20 IPS Module in transparent mode between an existing Cisco ASA FW that performs NAT and the client’s Internet Router. The reason the customer wants the IPS here is to scan the traffic that is destined for the Web Production DMZ. I have configured the ASA5520 with an IP Address in the same Subnet as the Subnet between the Internet Router and the Existing ASA but I am not getting any joy with passing traffic through the FW. I have disabled the IPS for now. Below is a diagram and the ASA configuration is attached
>
> <image003.png>
>
> Regards
>
> Steven

-- FNK, CCIE Security#35578
