Setting the Firewall Mode - Cisco ASA Series CLI Configuration Manual

Software version 9.0 for the services module

Chapter 1
Configuring the Transparent or Routed Firewall
Unsupported Features in Transparent Mode

Table 1-1 lists the features that are not supported in transparent mode.

Table 1-1 Unsupported Features in Transparent Mode

| Feature | Description |
|---|---|
| Dynamic DNS | |
| DHCP relay | The transparent firewall can act as a DHCP server, but it does not support the DHCP relay commands. DHCP relay is not required because you can allow DHCP traffic to pass through using two extended access lists: one that allows DHCP requests from the inside interface to the outside, and one that allows the replies from the server in the other direction. |
| Dynamic routing protocols | You can, however, add static routes for traffic originating on the ASA. You can also allow dynamic routing protocols through the ASA using an extended access list. |
| Multicast IP routing | You can allow multicast traffic through the ASA by allowing it in an extended access list. |
| QoS | |
| VPN termination for through traffic | The transparent firewall supports site-to-site VPN tunnels for management connections only. It does not terminate VPN connections for traffic through the ASA. You can pass VPN traffic through the ASA using an extended access list, but it does not terminate non-management connections. Clientless SSL VPN is also not supported. |
| Unified Communications | |

Setting the Firewall Mode

This section describes how to change the firewall mode.

Note: We recommend that you set the firewall mode before you perform any other configuration because changing the firewall mode clears the running configuration.

Prerequisites

- When you change modes, the ASA clears the running configuration (see the "Guidelines and Limitations" section on page 1-8 for more information).
- If you already have a populated configuration, be sure to back up your configuration before changing the mode; you can use this backup for reference when creating your new configuration.
- Use the CLI at the console port to change the mode. If you use any other type of session, including the ASDM Command Line Interface tool or SSH, you will be disconnected when the configuration is cleared, and you will have to reconnect to the ASA using the console port in any case.
- Set the mode within the context.
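As an added example (not from the Cisco guide): a pre-change check that scans a saved routed-mode configuration backup for commands belonging to the Table 1-1 features, so you know what will not carry over before the mode change clears the running configuration. The command prefixes in `UNSUPPORTED`, the function name `audit_backup`, and the sample configuration are assumptions made for this example.

```python
import re

# Assumed mapping from Table 1-1 features to ASA command prefixes.
# Chosen for this example; not exhaustive, adjust for your software version.
UNSUPPORTED = {
    "Dynamic DNS": [r"ddns\s+update\b"],
    "DHCP relay": [r"dhcprelay\b"],
    "Dynamic routing protocols": [r"router\s+(ospf|rip|eigrp)\b"],
    "Multicast IP routing": [r"multicast-routing\b"],
    "QoS": [r"priority-queue\b", r"police\b"],
    "VPN termination for through traffic": [r"crypto\s+map\b", r"webvpn\b"],
    "Unified Communications": [r"phone-proxy\b", r"tls-proxy\b"],
}

def audit_backup(config_text):
    """Return {feature: [(line_no, line), ...]} for commands in a saved
    routed-mode configuration that map to a Table 1-1 feature."""
    findings = {}
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):  # skip blanks and separators
            continue
        for feature, patterns in UNSUPPORTED.items():
            if any(re.match(p, line) for p in patterns):
                findings.setdefault(feature, []).append((no, line))
    return findings

# Constructed sample backup (not from a real device).
SAMPLE_BACKUP = """\
hostname edge-asa
!
interface GigabitEthernet0/0
 nameif outside
 ddns update hostname edge-asa.example.com
!
dhcprelay server 192.0.2.10 outside
dhcprelay enable inside
router ospf 1
 network 10.0.0.0 255.0.0.0 area 0
multicast-routing
priority-queue outside
crypto map OUTSIDE_MAP interface outside
access-list INSIDE_IN extended permit ip any any
"""

if __name__ == "__main__":
    for feature, hits in audit_backup(SAMPLE_BACKUP).items():
        for no, line in hits:
            print(f"{feature}: line {no}: {line}")
```

Treat `crypto map` hits as items to review rather than remove, since Table 1-1 states that site-to-site VPN tunnels for management connections are still supported in transparent mode.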
