How to setup an transparent firwall on Cisco ASA 5510 with multiple VLAN?

As title, how can I configure it?
Who is Participating?
harbor235Connect With a Mentor Commented:

From config mode;

firewall transparent


Follow these guidelines when you plan your transparent firewall network:


      A management IP address is required; for multiple context mode, an IP address is required for each context.

      Unlike routed mode, which requires an IP address for each interface, a transparent firewall has an IP address assigned to the entire device. The security appliance uses this IP address as the source address for packets that originate on the security appliance, such as system messages or AAA communications.

      The management IP address must be on the same subnet as the connected network. You cannot set the subnet to a host subnet (

      The transparent security appliance uses an inside interface and an outside interface only. If your platform includes a dedicated management interface, you can also configure the management interface or subinterface for management traffic only.

      In single mode, you can only use two data interfaces (and the dedicated management interface, if available) even if your security appliance includes more than two interfaces.

      Each directly connected network must be on the same subnet.

      Do not specify the security appliance management IP address as the default gateway for connected devices; devices need to specify the router on the other side of the security appliance as the default gateway.

      For multiple context mode, each context must use different interfaces; you cannot share an interface across contexts.

      For multiple context mode, each context typically uses a different subnet. You can use subnets that overlap, but your network topology requires router and NAT configuration to make it possible from a routing standpoint.

      You must use an extended access list to allow Layer 3 traffic, such as IP traffic, through the security appliance.

      You can also optionally use an EtherType access list to allow non-IP traffic through.

Here is a good link;

harbor235 ;}
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.