Home > Others

Transparent Firewall Mode

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Part 0:overview

The Cisco ASA can operate:

    • Routed firewall mode (default Layer 3)
    • Transparent mode (Layer 2)

Comparison of the Routed and Transparent Firewall Modes
Routed Firewall Mode Transparent Firewall Mode
Use if only IP packets is to be inspected Use if NON-IP packets must be forwarded
Network readdresing is necessary across the ASA Network readdressing is not necessary.
All interfaces can used Only the interfaces can be used.
All ASA features is available.

The following feature is not available:

  • Dynamic Routing Protocol
  • Dynamic DNS
  • DHCP Relay
  • Multicast IP Routing
  • Quailty of Service
  • VPN Termination for transit traffic

Part 1:configuring Transparent Firewall Mode

ciscoasa#Show Firewall //verifying the current firewall Mode

Ciscoasa (config) #firewall transparent //enable transparent firewall mode

Configure ASA Transparent Mode Interface (only inside & outside):

    • Interface speed and Duplex mode
    • Interface Name (nameif)
    • Security level (security-level)

Example:

Ciscoasa (config) #interface e0/0

Ciscoasa (config-if) #nameif outside

Ciscoasa (config-if) #security-level 0

Ciscoasa (config-if) #no shutdown

Ciscoasa (config-if) #exit

Ciscoasa (config) #interface E0/1

Ciscoasa (config-if) #nameif inside

Ciscoasa (config-if) #security-level 100

Ciscoasa (config-if) #no shutdown

Ciscoasa (config) #IP address ip-address subnet-mask//configure Management IP Address

Ciscoasa (config) #Route Interface Network Mask gateway [metric]

Part 2:controlling traffic in Transparent Firewall Mode

Ciscoasa (config) #access-list acl_id ehtertype {permit | deny} {any | bpdus | ipx | mpls-unicast | mpls-multica St | EtherType}


The Ehtertype value can be a 16-bit hex number greater than 0x600, or one of the following keywords:

    • Any : Any NON-IP packet
    • BPDUs: Bridge protocol data units used for STP operation
    • IPX: Novell IPX
    • mpls-unicast: MPLS unicast
    • mpls-multicast: MPLS Multicast

Well-known EtherType values is assigned and maintained by the IEEE. You can search or download the most current list of values at http://standards.ieee.org/develop/regauth/

Ethertype/eth.txt.

Part 3:using ARP inspecition

By Default:an ASA in transparent firewall Mode forwards all ARP packets.

To detect and prevent ARP spoofing, you can configure the ASA to support ARP insepction. ARP inspection uses static ARP entries as the basis for its inspection process.

Ciscoasa (config) #arp interface ip_address mac_addresss (nnnn.nnnn.nnnn)

Ciscoasa (config) #arp-inspection interface Enable [flood | no-flood]

ciscoasa#Show Arp-inspection

Part 4:disable MAC Address Learning

The malicious host might is not a stop with just one spoofed MAC address. It might also send so many packets with spoofed address. DoS attack

To prevent MAC address spoofing attacks, you can disable MAC address learnning completely.

Ciscoasa (config) #Mac-learn Interface Disable

Ciscoasa (config) #mac-address-table static interface mac_address

Ciscoasa (config) #show Mac-learn

Ciscoasa (config) #show mac-address-table

Transparent Firewall Mode

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
xbee transparent mode ftp passive mode firewall firewall stealth mode transparent mode bgcolor transparent fond transparent
Related Article
OpenGL Series Tutorial Eight: OpenGL vertex buffer Object (VBO)
Methods for generating various waveform files Vcd,vpd,shm,fsdb
Mac Ping:sendto:Host is down Ping does not pass other people'...
(SOLR is successfully installed on the office machine accordi...
Webmaster resources (site creation required)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More