1-6
Cisco ASA Series CLI Configuration Guide
Chapter 1 Completing Interface Configuration (Transparent Mode)
Guidelines and Limitations
Firewall Mode Guidelines
• You can configure up to 8 bridge groups in single mode or per context in multiple mode. Note that
you must use at least 1 bridge group; data interfaces must belong to a bridge group.
Note Although you can configure multiple bridge groups on the ASA 5505, the restriction of 2
data interfaces in transparent mode on the ASA 5505 means you can only effectively use 1
bridge group.
• Each bridge group can include up to 4 interfaces.
• For IPv4, a management IP address is required for each bridge group for both management traffic
and for traffic to pass through the ASA.
Unlike routed mode, which requires an IP address for each interface, a transparent firewall has an
IP address assigned to the entire bridge group. The ASA uses this IP address as the source address
for packets originating on the ASA, such as system messages or AAA communications. In addition
to the bridge group management address, you can optionally configure a management interface for
some models; see the “Management Interface” section on page 1-2 for more information.
The management IP address must be on the same subnet as the connected network. You cannot set
the subnet to a host subnet (255.255.255.255). The ASA does not support traffic on secondary
networks; only traffic on the same network as the management IP address is supported. See the
“Configuring Bridge Groups” section on page 1-8 for more information about management IP
subnets.
• For IPv6, at a minimum you need to configure link-local addresses for each interface for through
traffic. For full functionality, including the ability to manage the ASA, you need to configure a
global IPv6 address for each bridge group.
• For multiple context mode, each context must use different interfaces; you cannot share an interface
across contexts.
• For multiple context mode, each context typically uses a different subnet. You can use overlapping
subnets, but your network topology requires router and NAT configuration to make it possible from
a routing standpoint.
Failover Guidelines
Do not finish configuring failover interfaces with the procedures in this chapter. See the “Configuring
Active/Standby Failover” section on page 1-7 or the “Configuring Active/Active Failover” section on
page 1-9 to configure the failover and state links. In multiple context mode, failover interfaces are
configured in the system configuration.
IPv6 Guidelines
• Supports IPv6.
• No support for IPv6 anycast addresses in transparent mode.
To Next Page
Loading...
Need help?
General
