Introduction
Transparent mode is a mode of operation for Cisco ASA (Adaptive Security Appliance) devices in which the ASA acts as a layer 2 bridge: it forwards traffic between network segments without changing the source or destination IP addresses of the packets. In this mode the ASA is invisible to the end devices. It is placed between the network segments and forwards traffic with the same MAC addresses, VLAN IDs, and IP addresses as the original packets.

This mode is used where network segmentation is required for security or management purposes, but the network administrator wants to keep the existing IP addresses and network topology. Transparent mode can also be used to implement network security policies and services, such as stateful firewall, network address translation (NAT), and VPN services, without changing the existing network configuration.

In transparent mode the Cisco ASA uses Bridge Virtual Interfaces (BVIs) to provide a single logical interface for multiple physical interfaces on the device, allowing communication between the segments attached to those interfaces.
A Cisco ASA 5505 has been used for this guide.
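A minimal transparent-mode configuration for an ASA 5505, putting two VLAN interfaces into one bridge group behind a BVI as described above. This is an added example, not part of the original guide; the interface names, VLAN numbers, and the 192.0.2.10 address are assumptions.

```cisco
! Constructed example, not from the original guide.
! Interface names, VLAN numbers and addresses are assumptions.
!
! Changing the firewall mode clears the running configuration:
! back up the configuration first and work from the console port.
firewall transparent
!
! Physical switch ports are assigned to VLANs.
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
!
! Both VLAN interfaces join bridge group 1, so the ASA bridges between them.
interface Vlan1
 bridge-group 1
 nameif inside
 security-level 100
!
interface Vlan2
 bridge-group 1
 nameif outside
 security-level 0
!
! The BVI carries the single IP address of the bridge group. It must be in
! the same subnet as the hosts on both sides of the ASA
! (192.0.2.0/24 is a documentation range used here as a placeholder).
interface BVI1
 ip address 192.0.2.10 255.255.255.0
!
! Verify from privileged EXEC mode:
!   show firewall        (reports the current firewall mode)
!   show bridge-group    (lists the member interfaces and the BVI address)
```

The hosts on both sides keep their existing addresses and default gateway; only the BVI address is new, and it is used for management and by the ASA itself rather than as a next hop.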
show inventory
ciscoasa# show inventory
Name: "Chassis", DESCR: "ASA 5505 Adaptive Security Appliance"
PID: ASA5505 , VID: V12 , SN: XXXXXXXXX
show version
ciscoasa# show version
Cisco Adaptive Security Appliance Software Version 9.1(7)32
Device Manager Version 7.12(1)
Compiled on Tue 04-Sep-18 08:37 by builders
System image file is "disk0:/asa917-32-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 hour 27 mins
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 2048MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode : CNlite-MC-SSLm-PLUS-2.08
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.09
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is c08c.601e.0d9c, irq 11
1: Ext: Ethernet0/0 : address is c08c.601e.0d94, irq 255
2: Ext: Ethernet0/1 : address is c08c.601e.0d95, irq 255
3: Ext: Ethernet0/2 : address is c08c.601e.0d96, irq 255
4: Ext: Ethernet0/3 : address is c08c.601e.0d97, irq 255
5: Ext: Ethernet0/4 : address is c08c.601e.0d98, irq 255
6: Ext: Ethernet0/5 : address is c08c.601e.0d99, irq 255
7: Ext: Ethernet0/6 : address is c08c.601e.0d9a, irq 255
8: Ext: Ethernet0/7 : address is c08c.601e.0d9b, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 20 DMZ Unrestricted
Dual ISPs : Enabled perpetual
VLAN Trunk Ports : 8 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Standby perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 25 perpetual
Total VPN Peers : 25 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5505 Security Plus license.
Serial Number: XXX
Running Permanent Activation Key: XXX
Configuration register is 0x1
Configuration last modified by enable_15 at 19:45:47.989 UTC Mon Jan 30 2023
ciscoasa#