5-6
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 5      Configuring the Transparent or Routed Firewall
  Configuring the Firewall Mode
Note In transparent firewall mode, the management interface updates the MAC address table in 
the same manner as a data interface; therefore you should not connect both a management 
and a data interface to the same switch unless you configure one of the switch ports as a 
routed port (by default Cisco Catalyst switches share a MAC address for all VLAN switch 
ports). Otherwise, if traffic arrives on the management interface from the 
physically-connected switch, then the adaptive security appliance updates the MAC address 
table to use the management interface to access the switch, instead of the data interface. This 
action causes a temporary traffic interruption; the adaptive security appliance will not 
re-update the MAC address table for packets from the switch to the data interface for at least 
30 seconds for security reasons.
• Each directly connected network must be on the same subnet.
• Do not specify the adaptive security appliance management IP address as the default gateway for 
connected devices; devices need to specify the router on the other side of the adaptive security 
appliance as the default gateway.
• For multiple context mode, each context must use different interfaces; you cannot share an interface 
across contexts.
• For multiple context mode, each context typically uses a different subnet. You can use overlapping 
subnets, but your network topology requires router and NAT configuration to make it possible from 
a routing standpoint.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
• When you change modes, the adaptive security appliance clears the running configuration because 
many commands are not supported for both modes. The startup configuration remains unchanged. 
If you reload without saving, then the startup configuration is loaded, and the mode reverts back to 
the original setting. See the “Setting the Firewall Mode” section on page 5-7 for information about 
backing up your configuration file.
• If you download a text configuration to the adaptive security appliance that changes the mode with 
the firewall transparent command, be sure to put the command at the top of the configuration; the 
adaptive security appliance changes the mode as soon as it reads the command and then continues 
reading the configuration you downloaded. If the command appears later in the configuration, the 
adaptive security appliance clears all the preceding lines in the configuration.
Unsupported Features in Transparent Mode
Table 5-1 lists the features are not supported in transparent mode.