Cisco ASA Series CLI Configuration Guide (page 1-4)
Chapter 1 Configuring the Transparent or Routed Firewall
Information About the Firewall Mode

Figure 1-2 shows two networks connected to the ASA, which has two bridge groups.

Figure 1-2 Transparent Firewall Network with Two Bridge Groups
[Figure labels: BVI 1, BVI 2; addresses 10.1.1.1, 10.1.1.2, 10.1.1.3, 10.2.1.1, 10.2.1.2, 10.2.1.3]

Note
Each bridge group requires a management IP address. The ASA uses this IP address as the source address
for packets originating from the bridge group. The management IP address must be on the same subnet
as the connected network. For another method of management, see the "Management Interface (ASA
5510 and Higher)" section on page 1-4.
The ASA does not support traffic on secondary networks; only traffic on the same network as the
management IP address is supported.

Management Interface (ASA 5510 and Higher)
In addition to each bridge group management IP address, you can add a separate Management slot/port
interface that is not part of any bridge group, and that allows only management traffic to the ASA. For
more information, see the "Management Interface" section on page 11-2.

Allowing Layer 3 Traffic
• Unicast IPv4 and IPv6 traffic is allowed through the transparent firewall automatically from a higher
security interface to a lower security interface, without an ACL.

Note
Broadcast and multicast traffic can be passed using access rules. See the "Allowing
Broadcast and Multicast Traffic through the Transparent Firewall Using Access Rules"
section on page 7-6 for more information.
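
The two constraints in the bridge group note (every bridge group needs a management IP address, and only hosts on that address's network are supported) can be checked against a saved configuration. The following is an added example, not part of the Cisco guide: the sample configuration is constructed, and the interface names, the /24 masks, and the host 10.1.2.9 are assumptions.

```python
import ipaddress
import re

# Constructed sample config (not from the Cisco guide); interface names and
# /24 masks are assumptions. BVI2 is deliberately left without an address.
SAMPLE_CONFIG = """\
firewall transparent
interface GigabitEthernet0/0
 bridge-group 1
interface GigabitEthernet0/1
 bridge-group 1
interface GigabitEthernet0/2
 bridge-group 2
interface GigabitEthernet0/3
 bridge-group 2
interface BVI1
 ip address 10.1.1.2 255.255.255.0
interface BVI2
"""

def parse_bridge_groups(config):
    """Return (members per bridge group, BVI address per bridge group)."""
    groups, bvi, current = {}, {}, ""
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r"\s+bridge-group (\d+)", line):
            groups.setdefault(int(m.group(1)), []).append(current)
        elif (m := re.match(r"\s+ip address (\S+) (\S+)", line)) and current.startswith("BVI"):
            bvi[int(current[3:])] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return groups, bvi

def audit(config, hosts):
    """hosts maps a bridge group number to addresses of devices attached to it."""
    groups, bvi = parse_bridge_groups(config)
    findings = []
    for gid in sorted(groups):
        if gid not in bvi:
            findings.append(f"bridge-group {gid}: no management IP address")
            continue
        for host in hosts.get(gid, []):
            if ipaddress.ip_address(host) not in bvi[gid].network:
                findings.append(f"bridge-group {gid}: {host} not on {bvi[gid].network}")
    return findings

if __name__ == "__main__":
    # 10.1.2.9 is a constructed host on a secondary network behind bridge group 1.
    for finding in audit(SAMPLE_CONFIG, {1: ["10.1.1.1", "10.1.1.3", "10.1.2.9"]}):
        print(finding)
```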