EasyManuals Logo
Home>Cisco>Network Hardware>ASA Series

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #144 background imageLoading...
Page #144 background image
1-8
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Transparent or Routed Firewall
Guidelines and Limitations
Guidelines and Limitations
Context Mode Guidelines
Set the firewall mode per context.
Transparent Firewall Guidelines
In transparent firewall mode, the management interface updates the MAC address table in the same
manner as a data interface; therefore you should not connect both a management and a data interface
to the same switch unless you configure one of the switch ports as a routed port (by default Cisco
Catalyst switches share a MAC address for all VLAN switch ports). Otherwise, if traffic arrives on
the management interface from the physically-connected switch, then the ASA updates the
MAC address table to use the management interface to access the switch, instead of the data
interface. This action causes a temporary traffic interruption; the ASA will not re-update the MAC
address table for packets from the switch to the data interface for at least 30 seconds for security
reasons.
Each directly-connected network must be on the same subnet.
Do not specify the bridge group management IP address as the default gateway for connected
devices; devices need to specify the router on the other side of the ASA as the default gateway.
The default route for the transparent firewall, which is required to provide a return path for
management traffic, is only applied to management traffic from one bridge group network. This is
because the default route specifies an interface in the bridge group as well as the router IP address
on the bridge group network, and you can only define one default route. If you have management
traffic from more than one bridge group network, you need to specify a static route that identifies
the network from which you expect management traffic.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
When you change firewall modes, the ASA clears the running configuration because many
commands are not supported for both modes. The startup configuration remains unchanged. If you
reload without saving, then the startup configuration is loaded, and the mode reverts back to the
original setting. See the “Setting the Firewall Mode” section on page 1-9 for information about
backing up your configuration file.
If you download a text configuration to the ASA that changes the mode with the
firewall transparent command, be sure to put the command at the top of the configuration; the ASA
changes the mode as soon as it reads the command and then continues reading the configuration you
downloaded. If the command appears later in the configuration, the ASA clears all the preceding
lines in the configuration.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
BrandCisco
ModelASA Series
CategoryNetwork Hardware
LanguageEnglish

Related product manuals