Unsupported Features In Transparent Mode - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Transparent Mode Overview
•
•
•
•
Unsupported Features in Transparent Mode
Table 15-1
Table 15-1
Feature
Dynamic DNS
DHCP relay
Dynamic routing protocols
IPv6
Multicast
QoS
VPN termination for through
traffic
Cisco Security Appliance Command Line Configuration Guide
15-10
In single mode, you can only use two data interfaces (and the dedicated management interface, if
available) even if your security appliance includes more than two interfaces.
Each directly connected network must be on the same subnet.
Do not specify the security appliance management IP address as the default gateway for connected
devices; devices need to specify the router on the other side of the security appliance as the default
gateway.
For multiple context mode, each context must use different interfaces; you cannot share an interface
across contexts.
For multiple context mode, each context typically uses a different subnet. You can use overlapping
subnets, but your network topology requires router and NAT configuration to make it possible from
a routing standpoint.
lists the features are not supported in transparent mode.
Unsupported Features in Transparent Mode
Description
—
The transparent firewall can act as a DHCP server, but it does not
support the DHCP relay commands. DHCP relay is not required
because you can allow DHCP traffic to pass through using two
extended access lists: one that allows DCHP requests from the inside
interface to the outside, and one that allows the replies from the server
in the other direction.
You can, however, add static routes for traffic originating on the
security appliance. You can also allow dynamic routing protocols
through the security appliance using an extended access list.
You also cannot allow IPv6 using an EtherType access list.
You can allow multicast traffic through the security appliance by
allowing it in an extended access list.
—
The transparent firewall supports site-to-site VPN tunnels for
management connections only. It does not terminate VPN connections
for traffic through the security appliance. You can pass VPN traffic
through the security appliance using an extended access list, but it
does not terminate non-management connections. WebVPN is also not
supported.
Chapter 15
Firewall Mode Overview
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
