Cisco ASA Series Cli Configuration Manual page 482
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Guidelines and Limitations
Firewall Mode Guidelines
•
You can configure up to 8 bridge groups in single mode or per context in multiple mode. Note that
you must use at least 1 bridge group; data interfaces must belong to a bridge group.
Note
•
Each bridge group can include up to 4 interfaces.
•
For IPv4, a management IP address is required for each bridge group for both management traffic
and for traffic to pass through the ASA.
Unlike routed mode, which requires an IP address for each interface, a transparent firewall has an
IP address assigned to the entire bridge group. The ASA uses this IP address as the source address
for packets originating on the ASA, such as system messages or AAA communications. In addition
to the bridge group management address, you can optionally configure a management interface for
some models; see the
The management IP address must be on the same subnet as the connected network. You cannot set
the subnet to a host subnet (255.255.255.255). The ASA does not support traffic on secondary
networks; only traffic on the same network as the management IP address is supported. See the
"Configuring Bridge Groups" section on page 1-8
subnets.
•
For IPv6, at a minimum you need to configure link-local addresses for each interface for through
traffic. For full functionality, including the ability to manage the ASA, you need to configure a
global IPv6 address for each bridge group.
•
For multiple context mode, each context must use different interfaces; you cannot share an interface
across contexts.
•
For multiple context mode, each context typically uses a different subnet. You can use overlapping
subnets, but your network topology requires router and NAT configuration to make it possible from
a routing standpoint.
Failover Guidelines
Do not finish configuring failover interfaces with the procedures in this chapter. See the
Active/Standby Failover" section on page 1-7
page 1-9
configured in the system configuration.
IPv6 Guidelines
•
Supports IPv6.
•
No support for IPv6 anycast addresses in transparent mode.
Cisco ASA Series CLI Configuration Guide
1-6
Although you can configure multiple bridge groups on the ASA 5505, the restriction of 2
data interfaces in transparent mode on the ASA 5505 means you can only effectively use 1
bridge group.
"Management Interface" section on page 1-2
to configure the failover and state links. In multiple context mode, failover interfaces are
Chapter 1
Completing Interface Configuration (Transparent Mode)
for more information about management IP
or the
"Configuring Active/Active Failover" section on
for more information.
"Configuring
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
