Cisco ASA 5505 Configuration Manual page 152

Asa 5500 series

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 5-6
Chapter 5: Configuring the Transparent or Routed Firewall
Configuring the Firewall Mode
Note
In transparent firewall mode, the management interface updates the MAC address table in
the same manner as a data interface; therefore you should not connect both a management
and a data interface to the same switch unless you configure one of the switch ports as a
routed port (by default Cisco Catalyst switches share a MAC address for all VLAN switch
ports). Otherwise, if traffic arrives on the management interface from the
physically-connected switch, then the adaptive security appliance updates the MAC address
table to use the management interface to access the switch, instead of the data interface. This
action causes a temporary traffic interruption; the adaptive security appliance will not
re-update the MAC address table for packets from the switch to the data interface for at least
30 seconds for security reasons.
Each directly connected network must be on the same subnet.
Do not specify the adaptive security appliance management IP address as the default gateway for
connected devices; devices need to specify the router on the other side of the adaptive security
appliance as the default gateway.
For multiple context mode, each context must use different interfaces; you cannot share an interface
across contexts.
For multiple context mode, each context typically uses a different subnet. You can use overlapping
subnets, but your network topology requires router and NAT configuration to make it possible from
a routing standpoint.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
When you change modes, the adaptive security appliance clears the running configuration because
many commands are not supported for both modes. The startup configuration remains unchanged.
If you reload without saving, then the startup configuration is loaded, and the mode reverts back to
the original setting. See the "Setting the Firewall Mode" section on page 5-7 for information about
backing up your configuration file.
If you download a text configuration to the adaptive security appliance that changes the mode with
the firewall transparent command, be sure to put the command at the top of the configuration; the
adaptive security appliance changes the mode as soon as it reads the command and then continues
reading the configuration you downloaded. If the command appears later in the configuration, the
adaptive security appliance clears all the preceding lines in the configuration.
Unsupported Features in Transparent Mode
Table 5-1 lists the features that are not supported in transparent mode.
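As an added example (not from the Cisco guide), the following Python pre-check applies the guideline about placing the firewall transparent command at the top of a downloaded text configuration: it reports which commands precede it and would therefore be cleared when the appliance reads it. It assumes that lines starting with "!" or ":" and the "ASA Version" banner are not commands; the function name and both sample configurations are constructed for illustration.

```python
import re

# Assumption: "!" / ":" lines and the "ASA Version ..." banner are not commands.
_IGNORABLE = re.compile(r"^\s*(?:[!:].*|ASA Version\b.*)?$", re.IGNORECASE)
# Only the command named in the guideline is treated as the mode change.
_MODE_CMD = re.compile(r"^\s*firewall\s+transparent\s*$", re.IGNORECASE)


def check_mode_command_position(config_text):
    """Return (mode_line_no, at_risk) for a text configuration.

    mode_line_no is the 1-based line of "firewall transparent", or None.
    at_risk lists (line_no, command) entries that come before it and would
    be cleared when the appliance switches mode on reading the command.
    """
    preceding = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        if _IGNORABLE.match(raw):
            continue
        if _MODE_CMD.match(raw):
            return line_no, preceding
        preceding.append((line_no, raw.strip()))
    return None, []  # no mode change in this file, nothing is cleared


# Constructed sample: mode command first, nothing at risk.
GOOD = """: Saved
!
firewall transparent
hostname edge-fw
interface Ethernet0/0
 nameif outside
"""

# Constructed sample: interface settings precede the mode command.
BAD = """hostname edge-fw
interface Ethernet0/0
 nameif outside
 security-level 0
!
firewall transparent
ip address 192.0.2.10 255.255.255.0
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        line_no, at_risk = check_mode_command_position(text)
        print(f"{name}: mode command at line {line_no}, {len(at_risk)} command(s) would be cleared")
        for n, cmd in at_risk:
            print(f"  line {n}: {cmd}")
```

A non-empty result means the file should be reordered before it is downloaded; otherwise the listed interface and security settings are silently absent after the mode change.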


This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
