Got anything bad to say about transparent firewall?? on Cisco ASA5505

  • Got anything bad to say about transparent firewall?? on Cisco ASA5505

    What is the disadvantage of a transparent firewall? Can I still allow all internal servers to communicate on any port, whilst still protecting the servers from the outside?

    I was going to set up NAT but then thought, what's the point if I can use a transparent firewall and control the inside traffic with ACLs?

    I don't need VPN, and the connections are mainly for hosting incoming traffic on 4 servers, such as HTTP and HTTPS.

  • #2
    Re: Got anything bad to say about transparent firewall?? on Cisco ASA5505

    I have found this with regards to the differences; now I'm not sure what it means by "it only supports two interfaces". Does this mean I can only have one LAN and one WAN port?

    Routed Firewall
    Supports up to five Fast-Ethernet or four Gigabit-Ethernet interfaces[1], which can be further subdivided.
    IP address assignment at the interface level.
    IPv6 is supported.
    Supports RIP and OSPF.
    Does not allow passing non-IP traffic.
    Adds an extra hop on the network by setting up routed interfaces.
    Supports both static and dynamic address translation.
    Supports multicast using sparse mode.
    Supports QoS.
    Inspects Layer 3 and higher packet headers.
    Supports remote access and site-to-site tunnels.

    Transparent Firewall
    Supports two interfaces.
    IP address assignment at the global level, which is solely used for management purposes.
    IPv6 is not supported.
    Does not participate in routing protocols but can still pass routing protocol traffic through it. You can define static routes for the traffic originated by the ASA.
    Allows IP and non-IP traffic to pass through it.
    Does not add an extra hop; thus, no need to readdress one network.
    Does not support address translation.
    Does not participate in multicast. However, it allows passing the multicast traffic through it using the ACLs.
    Does not support QoS.
    Inspects Layer 2 and higher packet headers.
    Only supports site-to-site VPN for management purposes.
    Last edited by carwyn; 9th February 2009, 22:10.
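For concreteness, here is what the setup asked about in the first post looks like on the CLI, with the "two interfaces" of the second post's list being one bridged pair. This is an added example written for this page; it is not configuration posted by either participant and not taken from Cisco documentation. It assumes an ASA 5505 on 8.2-era software (where the management address is a single global `ip address`; from 8.4 onwards it sits under a bridge-group virtual interface instead), VLAN 1 as inside and VLAN 2 as outside, and made-up addresses in 192.0.2.0/24 for the upstream router, the management address and the four web servers. The EtherType ACL, the static ARP entries with ARP inspection, and the logging `deny` are choices made for this example, not defaults.

```cisco
! Added example, not from the original thread. Assumed platform: ASA 5505,
! 8.2-era software, single context. All addresses, names, VLAN numbers and
! MAC addresses below are placeholders made up for this example.
firewall transparent
hostname asa-bridge
!
! Switch ports: Ethernet0/0 faces the upstream router (VLAN 2), Ethernet0/1-0/4
! face the four web servers (VLAN 1). Servers on VLAN 1 reach each other
! through the switch fabric and never cross the firewall.
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
interface Ethernet0/1
 switchport access vlan 1
 no shutdown
interface Ethernet0/2
 switchport access vlan 1
 no shutdown
interface Ethernet0/3
 switchport access vlan 1
 no shutdown
interface Ethernet0/4
 switchport access vlan 1
 no shutdown
!
! The bridged pair. In transparent mode the data interfaces carry only a name
! and a security level; no IP address is configured on them.
interface Vlan1
 nameif inside
 security-level 100
 no shutdown
interface Vlan2
 nameif outside
 security-level 0
 no shutdown
!
! One global management address in the bridged subnet. The ASA sources its own
! traffic (syslog, SSH replies) from it; the static route is only for that
! traffic, not for anything passing through the bridge.
ip address 192.0.2.10 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! The servers keep their own routable addresses because nothing is translated.
object-group network WEB_SERVERS
 network-object host 192.0.2.21
 network-object host 192.0.2.22
 network-object host 192.0.2.23
 network-object host 192.0.2.24
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
!
! Inbound policy: only HTTP/HTTPS to the four servers; everything else arriving
! on the outside interface is dropped and logged. No ACL is applied on the
! inside interface, so inside-to-outside traffic is allowed on any port
! (higher to lower security level is permitted by default).
access-list OUTSIDE_IN extended permit tcp any object-group WEB_SERVERS object-group WEB_PORTS
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Non-IP frames are not bridged unless an EtherType ACL permits them (ARP is
! handled separately). This one lets spanning-tree BPDUs through so switches
! on either side still see each other.
access-list BRIDGE_ETYPE ethertype permit bpdu
access-group BRIDGE_ETYPE in interface inside
access-group BRIDGE_ETYPE in interface outside
!
! A bridge forwards on MAC addresses, so pin the router and the servers to
! their MACs (placeholder values) and drop ARP replies that contradict the
! table; unknown entries are still flooded (the default behaviour).
arp outside 192.0.2.1  0200.0000.0001
arp inside  192.0.2.21 0200.0000.0021
arp inside  192.0.2.22 0200.0000.0022
arp inside  192.0.2.23 0200.0000.0023
arp inside  192.0.2.24 0200.0000.0024
arp-inspection outside enable flood
arp-inspection inside enable flood
!
! Management only from the inside segment, over SSHv2, to the global address.
ssh 192.0.2.0 255.255.255.0 inside
ssh version 2
logging enable
logging buffered informational
```

Two things the quoted feature list does not spell out. First, "two interfaces" is exactly that: one bridged pair, so the servers and the upstream router share a single IP subnet and the ASA is nobody's default gateway, which is why no readdressing is needed. Second, the four servers on the inside VLAN talk to each other through the 5505's switch ports without ever crossing the firewall, so "control the inside traffic with ACLs" only applies to frames moving between the inside and outside interfaces; it cannot separate the servers from one another. Several entries in the list are also version-dependent (support for NAT and for IPv6 in transparent mode changed in later releases), so check the configuration guide for the exact release you are running rather than relying on a list from one era.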