5-6
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 5 Configuring the Transparent or Routed Firewall
Configuring the Firewall Mode
Note: In transparent firewall mode, the management interface updates the MAC address table in
the same manner as a data interface; therefore you should not connect both a management
and a data interface to the same switch unless you configure one of the switch ports as a
routed port (by default Cisco Catalyst switches share a MAC address for all VLAN switch
ports). Otherwise, if traffic arrives on the management interface from the
physically-connected switch, then the adaptive security appliance updates the MAC address
table to use the management interface to access the switch, instead of the data interface. This
action causes a temporary traffic interruption; the adaptive security appliance will not
re-update the MAC address table for packets from the switch to the data interface for at least
30 seconds for security reasons.
• Each directly connected network must be on the same subnet.
• Do not specify the adaptive security appliance management IP address as the default gateway for
connected devices; devices need to specify the router on the other side of the adaptive security
appliance as the default gateway.
• For multiple context mode, each context must use different interfaces; you cannot share an interface
across contexts.
• For multiple context mode, each context typically uses a different subnet. You can use overlapping
subnets, but your network topology requires router and NAT configuration to make it possible from
a routing standpoint.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
• When you change modes, the adaptive security appliance clears the running configuration because
many commands are not supported for both modes. The startup configuration remains unchanged.
If you reload without saving, then the startup configuration is loaded, and the mode reverts back to
the original setting. See the “Setting the Firewall Mode” section on page 5-7 for information about
backing up your configuration file.
• If you download a text configuration to the adaptive security appliance that changes the mode with
the firewall transparent command, be sure to put the command at the top of the configuration; the
adaptive security appliance changes the mode as soon as it reads the command and then continues
reading the configuration you downloaded. If the command appears later in the configuration, the
adaptive security appliance clears all the preceding lines in the configuration.
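A pre-download check for the guideline above, as an added example that is not part of the Cisco guide: it finds the mode command in a text configuration and lists every configuration line that precedes it, which are the lines the appliance would clear. Treating lines that start with `!` or `:` as comments, matching the `no` form of the command, and the sample configurations are assumptions of this example.

```python
import re

# The mode command named in the guideline. Matching the "no" form as well
# is an assumption of this example.
MODE_CMD = re.compile(r"^(no\s+)?firewall\s+transparent$")

def lines_cleared_by_mode_change(config_text):
    """Return (line_no, preceding) for the first mode command.

    line_no is None when the file has no mode command. preceding is a list
    of (line_no, text) for each configuration line found before it.
    """
    preceding = []
    for n, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        # Assumption: blank lines and lines starting with "!" or ":" are
        # separators or comments and carry no configuration.
        if not line or line[0] in "!:":
            continue
        if MODE_CMD.match(line):
            return n, preceding
        preceding.append((n, line))
    return None, []

def preflight(config_text):
    """True when no configuration line precedes the mode command."""
    line_no, cleared = lines_cleared_by_mode_change(config_text)
    return line_no is None or not cleared

# Constructed sample configurations (not taken from a real device).
GOOD_CONFIG = """\
: constructed sample
!
firewall transparent
hostname fw-lab
interface Ethernet0/0
 nameif outside
"""
BAD_CONFIG = """\
hostname fw-lab
interface Ethernet0/0
 nameif outside
 security-level 0
!
firewall transparent
ip address 10.0.0.5 255.255.255.0
"""

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        line_no, cleared = lines_cleared_by_mode_change(cfg)
        print(f"{name}: mode command at line {line_no}, {len(cleared)} line(s) precede it")
        for n, text in cleared:
            print(f"  line {n}: {text}")
```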
Unsupported Features in Transparent Mode
Table 5-1 lists the features that are not supported in transparent mode.