Please show the configs. See it to believe it :)

I have transparent ASAs in production and it just has to be 2 unique VLANs for 
inside and outside. 

But if you have discovered a new feature of ASAs then please share with us the 
configurations. 2 unique VLANs are like 2 different virtual switches, correct? 
So having the same VLAN for both inside and outside means that you have both 
interfaces of the ASA on the same switch. How will the ARP work in this case?

Very interesting setup and really interested to know the details.




Best Regards.
______________________
Adil 

On Sep 1, 2012, at 9:11 PM, Steven van Jaarsveld wrote:

> It is working perfectly with the same VLAN ID (eg: 1) on the Inside and 
> Outside
>  
> From: Jason Madsen [mailto:[email protected]] 
> Sent: 02 September 2012 03:10 AM
> To: Fawad Khan
> Cc: Steven van Jaarsveld; ccie_security
> Subject: Re: [OSL | CCIE_Security] Transparent Firewall With IPS
>  
> Should be different on ASAs too.   That's what I meant by unique on each 
> interface e.g. VLAN 4 on inside and 94 on outside.  
> 
> Sent from my iPhone
>  
> 
> On Sep 1, 2012, at 5:42 PM, Fawad Khan <[email protected]> wrote:
> 
> So here is the thing: I just deployed a "virtual wire" Palo Alto network next 
> gen firewall and that does require different VLANs for traffic to pass 
> through. I must have mixed the two concepts.
> Sorry guys.
> 
> On Saturday, September 1, 2012, Steven van Jaarsveld wrote:
> Same VLAN on both Interfaces (Inside and Outside)
>  
> From: Fawad Khan [mailto:[email protected]] 
> Sent: 02 September 2012 01:36 AM
> To: Steven van Jaarsveld
> Cc: Jason Madsen; ccie_security
> Subject: Re: [OSL | CCIE_Security] Transparent Firewall With IPS
>  
> 
> Unique vlan or different. I thought we need different vlan for traffic to 
> pass through.
> 
> On Saturday, September 1, 2012, Steven van Jaarsveld wrote:
> 
> Hi All
> 
>  
> 
> This is working now. I rechecked the Switch interfaces and the Interface 
> connecting to the “Inside” Interface of the Transparent FW was configured as 
> a Trunk. Changed this to an Access Port and traffic is passing through the 
> Transparent FW now. Sending this email whilst connected to the LAN and going 
> through both the Routed FW and the Transparent FW.
> 
>  
> 
> Thanks for all the advice
> 
>  
> 
> Regards
> 
> Steven
> 
>  
> 
> From: Jason Madsen [mailto:[email protected]] 
> Sent: 02 September 2012 12:58 AM
> To: Steven van Jaarsveld
> Cc: ccie_security
> Subject: Re: [OSL | CCIE_Security] Transparent Firewall With IPS
> 
>  
> 
> You need a unique VLAN on the FW on IN and OUT. 
> 
>  
> 
> Jason
> 
> Sent from my iPhone
> 
>  
> 
> 
> On Sep 1, 2012, at 4:02 PM, Steven van Jaarsveld 
> <[email protected]> wrote:
> 
> Hi List
> 
>  
> 
> I am trying to implement an ASA5520 with an AIM-SSP-20 IPS Module in 
> transparent mode between an existing Cisco ASA FW that performs NAT and the 
> client’s Internet Router. The reason the customer wants the IPS here is to 
> scan the traffic that is destined for the Web Production DMZ. I have 
> configured the ASA5520 with an IP Address in the same Subnet as the Subnet 
> between the Internet Router and the Existing ASA but I am not getting any joy 
> with passing traffic through the FW. I have disabled the IPS for now. Below 
> is a diagram and the ASA configuration is attached
> 
>  
> 
> <image003.png>
> 
>  
> 
>  
> 
> Regards
> 
> Steven
> 
> 
> 
> -- 
> FNK, CCIE Security#35578
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
