{"id":1727,"date":"2019-02-14T23:00:00","date_gmt":"2019-02-14T23:00:00","guid":{"rendered":"https:\/\/www.balajibandi.com\/?p=1727"},"modified":"2022-09-20T16:04:57","modified_gmt":"2022-09-20T15:04:57","slug":"cisco-asa-in-transparet-mode","status":"publish","type":"post","link":"https:\/\/www.balajibandi.com\/?p=1727","title":{"rendered":"Cisco ASA in Transparet Mode"},"content":{"rendered":"\n

Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a \u201cbump in the wire,\u201d or a \u201cstealth firewall,\u201d and is not seen as a router hop to connected devices<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

<\/p>\n\n\n\n

Basic config on ASA : convert ASA to transparent (this will wipe all the config on the ASA).<\/p>\n\n\n\n

BB-FW(config)# firewall transparent<\/p>\n\n\n\n

Configure interface in respected VLAN<\/p>\n\n\n\n

BB-FW(config)# interface Gig 1\/1
BB-FW(config-if)# switchport access vlan 100
BB-FW(config-if)# no shutdown
BB-FW(config-if)# interface Gig 1\/4
BB-FW(config-if)# switchport access vlan 200
BB-FW(config-if)# no shutdown<\/p>\n\n\n\n

Configure VLAN in to respected inside and outside, and add them to bridge group.<\/p>\n\n\n\n

BB-FW(config-if)# interface vlan 100
BB-FW(config-if)# nameif outside
BB-FW(config-if)# bridge-group 1<\/p>\n\n\n\n


BB-FW(config-if)# interface vlan 200
BB-FW(config-if)# nameif inside
BB-FW(config-if)# bridge-group 1<\/p>\n\n\n\n

ASA can be managed using BVI as below IP address :<\/p>\n\n\n\n

BB-FW(config-if)# interface bvi 1
BB-FW(config-if)# ip address 192.168.100.254<\/p>\n\n\n\n

Basic ACL to test :<\/p>\n\n\n\n

access-list outside-in extended permit icmp any any echo-reply
access-list outside-in extended permit icmp any any unreachable
access-list outside-in extended permit icmp any any traceroute
access-list outside-in extended permit icmp any any time-exceeded
access-list outside-in extended permit udp any any eq domain<\/p>\n\n\n\n

<\/p>\n\n\n\n

Happy labbing………………!<\/p>\n","protected":false},"excerpt":{"rendered":"

Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a \u201cbump in the wire,\u201d or a \u201cstealth firewall,\u201d and is not seen as a router hop […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1727","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1727"}],"version-history":[{"count":1,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1727\/revisions"}],"predecessor-version":[{"id":1729,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=\/wp\/v2\/posts\/1727\/revisions\/1729"}],"wp:attachment":[{"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.balajibandi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}