netman70
asked on
ASA 5510 Transparent Firewall and VPN
Hi
I have a RadWare LinkProof Branch load balancing device performing NAT on my network. I am planning to introduce an ASA 5510 between my network and the LinkProof Branch. I was thinking about configuring the ASA in Transparent Firewall mode.
a. Where can I find a good Transparent mode configuration example with access lists
b. Can I also use the ASA as a VPN server (would like to use WebVPN on the ASA) when configured in a transparent mode?
Thanks
ASKER
The link does not give me a configuration example... it just tells me how it functions. I would like to see a configuration example with access lists for reference.
Thanks for the clarification on VPN... do I configure one of the two 2003 DCs on my network for VPN?
ASKER
The Cisco document (configuring transparent firewall) indicates that 'because the non-tcp and non-udp packets do not create sessions, the security appliance must be configured for ACL's on both interfaces'. Does that imply that I have to configure an 'access-list inside-in extended permit ip any any' and apply it to the inside interface to allow all traffic from the internal LAN to the internet?
ASKER CERTIFIED SOLUTION
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b68.html#wp1201980
b) Nope, you can't terminate webvpn on the ASA in transparent mode. VPN is not supported in transparent mode unless the VPN you are terminating is for the purpose of managing the PIX itself.
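A minimal transparent-mode configuration with access lists on both interfaces, of the kind asked for in this thread. It is an added example, not taken from the posts above or from Cisco's documentation. It assumes ASA 7.x/8.0 single-context syntax; the hostname, interface assignments, the `outside-in` ACL name and all 192.0.2.0/24 addresses are placeholders.

```cisco
! Constructed example: ASA 5510, single-context transparent mode (7.x/8.0 syntax).
! Addresses are documentation-range placeholders; substitute the real LAN subnet.
firewall transparent
hostname asa-tfw
!
! Both interfaces sit in the same Layer 2 segment; no per-interface IP addresses.
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown
!
! Management address of the appliance itself. It must be in the same subnet
! as the bridged network; the default route is used only for traffic that
! originates from the ASA (syslog, AAA, management replies).
ip address 192.0.2.10 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! Inside interface: scope the permit to the LAN subnet instead of
! "permit ip any any", so spoofed source addresses are dropped here.
access-list inside-in extended permit ip 192.0.2.0 255.255.255.0 any
access-group inside-in in interface inside
!
! Outside interface: TCP and UDP replies match existing sessions, but ICMP
! creates no session unless ICMP inspection is enabled, so the reply types
! that should reach the LAN are permitted explicitly. Everything else
! arriving on the outside interface hits the implicit deny.
access-list outside-in extended permit icmp any 192.0.2.0 255.255.255.0 echo-reply
access-list outside-in extended permit icmp any 192.0.2.0 255.255.255.0 time-exceeded
access-list outside-in extended permit icmp any 192.0.2.0 255.255.255.0 unreachable
access-group outside-in in interface outside
```

After applying it, `show access-list` displays per-entry hit counts, which confirms which permits are actually matching traffic.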