Transparent ASA

This guide shows how to configure and use the Adaptive Security Appliance (ASA) in transparent mode.

Introduction

Transparent mode is a mode of operation for Cisco ASA (Adaptive Security Appliance) network devices in which the ASA acts as a layer 2 bridge, forwarding traffic between network segments without changing the source or destination IP addresses of the packets. The ASA is invisible to the end devices: it sits between the segments and forwards frames while keeping the original MAC addresses, VLAN IDs, and IP addresses. This mode is used where segmentation is required for security or management purposes but the administrator wants to keep the existing IP addressing and network topology. Security policies and services, such as stateful firewalling, network address translation (NAT), and VPN services, can also be applied in transparent mode without changing the existing network configuration. In transparent mode the ASA uses Bridge Virtual Interfaces (BVIs) to present a single logical interface for multiple physical interfaces, allowing communication between the segments attached to those interfaces.

Description
In transparent mode the ASA acts as a layer 2 bridge and is invisible to the end devices.
It forwards traffic between network segments without changing the source or destination IP addresses of the packets.
It can be used to add security while keeping the existing IP addresses and network topology.
Transparent mode can also be used to implement security policies and services, such as stateful firewalling, network address translation (NAT), and VPN services, without changing the existing network configuration.
Cisco ASA in transparent mode operates using Bridge Virtual Interfaces (BVIs).
A BVI provides a single logical interface for multiple physical interfaces in the same bridge group.

A Cisco ASA 5505 has been used for this guide.
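An example transparent-mode configuration for a 5505-class ASA running a 9.1 image, added here as an illustration and not taken from the original guide. It assumes Ethernet0/0 faces the outside segment and Ethernet0/1 the inside segment, VLANs 10 and 20, bridge group 1, and the address range 192.168.10.0/24; all of these values are assumptions to adjust for your environment.

```cisco
! Switch the ASA to transparent (layer 2) mode.
! This command clears the running configuration, so save a backup first.
firewall transparent
!
! Assumed layout: Ethernet0/0 faces the upstream router (outside) and
! Ethernet0/1 faces the protected LAN (inside). Both segments share the
! same IP subnet (192.168.10.0/24, an assumed address range).
interface Ethernet0/0
 switchport access vlan 10
 no shutdown
!
interface Ethernet0/1
 switchport access vlan 20
 no shutdown
!
! Both VLAN interfaces join bridge group 1. Frames are bridged between
! members of the bridge group without any IP address rewriting.
interface Vlan10
 nameif outside
 bridge-group 1
 security-level 0
!
interface Vlan20
 nameif inside
 bridge-group 1
 security-level 100
!
! The BVI holds the bridge group's management address. Hosts do not use it
! as a gateway; the ASA uses it as the source address for its own traffic.
interface BVI1
 ip address 192.168.10.254 255.255.255.0
!
! Transparent mode bridges IP traffic subject to the normal access rules.
! Non-IP EtherTypes need an EtherType ACL; once one is applied, its implicit
! deny blocks everything else, so BPDUs are permitted explicitly here to keep
! spanning tree working across the bridge.
access-list ETH ethertype permit bpdu
access-group ETH in interface outside
access-group ETH in interface inside
!
! Verification (exec mode): firewall mode, bridge-group members, learned MACs.
show firewall
show bridge-group 1
show mac-address-table
```

Only IP traffic and the EtherTypes you explicitly permit cross the bridge; check "show mac-address-table" after a few minutes of traffic to confirm hosts on both segments have been learned on the expected interfaces.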

show inventory

ciscoasa# show inventory
Name: "Chassis", DESCR: "ASA 5505 Adaptive Security Appliance"
PID: ASA5505           , VID: V12     , SN: XXXXXXXXX

show version

ciscoasa# show version

Cisco Adaptive Security Appliance Software Version 9.1(7)32
Device Manager Version 7.12(1)

Compiled on Tue 04-Sep-18 08:37 by builders
System image file is "disk0:/asa917-32-k8.bin"
Config file at boot was "startup-config"

ciscoasa up 1 hour 27 mins

Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz,
Internal ATA Compact Flash, 2048MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB

Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNlite-MC-SSLm-PLUS-2.08
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.09
                             Number of accelerators: 1

 0: Int: Internal-Data0/0    : address is c08c.601e.0d9c, irq 11
 1: Ext: Ethernet0/0         : address is c08c.601e.0d94, irq 255
 2: Ext: Ethernet0/1         : address is c08c.601e.0d95, irq 255
 3: Ext: Ethernet0/2         : address is c08c.601e.0d96, irq 255
 4: Ext: Ethernet0/3         : address is c08c.601e.0d97, irq 255
 5: Ext: Ethernet0/4         : address is c08c.601e.0d98, irq 255
 6: Ext: Ethernet0/5         : address is c08c.601e.0d99, irq 255
 7: Ext: Ethernet0/6         : address is c08c.601e.0d9a, irq 255
 8: Ext: Ethernet0/7         : address is c08c.601e.0d9b, irq 255
 9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
10: Int: Not used            : irq 255
11: Int: Not used            : irq 255

Licensed features for this platform:
Maximum Physical Interfaces       : 8              perpetual
VLANs                             : 20             DMZ Unrestricted
Dual ISPs                         : Enabled        perpetual
VLAN Trunk Ports                  : 8              perpetual
Inside Hosts                      : Unlimited      perpetual
Failover                          : Active/Standby perpetual
Encryption-DES                    : Enabled        perpetual
Encryption-3DES-AES               : Enabled        perpetual
AnyConnect Premium Peers          : 2              perpetual
AnyConnect Essentials             : Disabled       perpetual
Other VPN Peers                   : 25             perpetual
Total VPN Peers                   : 25             perpetual
Shared License                    : Disabled       perpetual
AnyConnect for Mobile             : Disabled       perpetual
AnyConnect for Cisco VPN Phone    : Disabled       perpetual
Advanced Endpoint Assessment      : Disabled       perpetual
UC Phone Proxy Sessions           : 2              perpetual
Total UC Proxy Sessions           : 2              perpetual
Botnet Traffic Filter             : Disabled       perpetual
Intercompany Media Engine         : Disabled       perpetual
Cluster                           : Disabled       perpetual

This platform has an ASA 5505 Security Plus license.

Serial Number: XXX
Running Permanent Activation Key: XXX
Configuration register is 0x1
Configuration last modified by enable_15 at 19:45:47.989 UTC Mon Jan 30 2023
ciscoasa#
