Should be different on ASAs too. That's what I meant by unique on each interface e.g. VLAN 4 on inside and 94 on outside.
Sent from my iPhone

On Sep 1, 2012, at 5:42 PM, Fawad Khan <[email protected]> wrote:

> So here is the thing I just deployed "virtual wire" palo alto network next gen firewall and that does require different vlan for Traffic to pass through. I must have mixed the two concepts.
> Sorry guys.
>
> On Saturday, September 1, 2012, Steven van Jaarsveld wrote:
> Same VLAN on both Interfaces (Inside and Outside)
>
> From: Fawad Khan [mailto:[email protected]]
> Sent: 02 September 2012 01:36 AM
> To: Steven van Jaarsveld
> Cc: Jason Madsen; ccie_security
> Subject: Re: [OSL | CCIE_Security] Transparent Firewall With IPS
>
> Unique vlan or different. I thought we need different vlan for traffic to pass through.
>
> On Saturday, September 1, 2012, Steven van Jaarsveld wrote:
>
> Hi All
>
> This is working now. I rechecked the Switch interfaces and the Interface connecting to the “Inside” Interface of the Transparent FW was configured as a Trunk. Changed this to an Access Port and traffic is passing through the Transparent FW now. Sending this email whilst connected to the LAN and going through both the Routed FW and the Transparent FW.
>
> Thanks for all the advice
>
> Regards
>
> Steven
>
> From: Jason Madsen [mailto:[email protected]]
> Sent: 02 September 2012 12:58 AM
> To: Steven van Jaarsveld
> Cc: ccie_security
> Subject: Re: [OSL | CCIE_Security] Transparent Firewall With IPS
>
> You need a unique VLAN on the FW on IN and OUT.
>
> Jason
>
> Sent from my iPhone
>
> On Sep 1, 2012, at 4:02 PM, Steven van Jaarsveld <[email protected]> wrote:
>
> Hi List
>
> I am trying to implement an ASA5520 with an AIM-SSP-20 IPS Module in transparent mode between an existing Cisco ASA FW that performs NAT and the client’s Internet Router. The reason the customer wants the IPS here is to scan the traffic that is destined for the Web Production DMZ.
> I have configured the ASA5520 with an IP Address in the same Subnet as the Subnet between the Internet Router and the Existing ASA but I am not getting any joy with passing traffic through the FW. I have disabled the IPS for now. Below is a diagram and the ASA configuration is attached
>
> <image003.png>
>
> Regards
>
> Steven
>
> --
> FNK, CCIE Security#35578
