Interfaces and Security Levels
Each interface in an ASA firewall must have a physical name, a logical name, a security level, and an IP address. Interfaces may also be configured for features such as speed and duplex mode.
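The requirement above can be checked mechanically. The following is an added example, not code from the book: a small Python audit that reads interface stanzas in running-config style and reports which of the required settings each active interface lacks. It assumes routed mode; the function name `audit_interfaces` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of ASA interface stanzas (routed mode), not from the book.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 no ip address
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
"""

# The physical name is the stanza header; these three must appear beneath it.
REQUIRED = ("nameif", "security-level", "ip address")


def audit_interfaces(config, include_shutdown=False):
    """Return {physical_name: [missing settings]} for incomplete interfaces."""
    stanzas, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any top-level command ends the stanza
    findings = {}
    for name, lines in stanzas.items():
        if "shutdown" in lines and not include_shutdown:
            continue  # disabled ports are skipped unless explicitly requested
        # "no <setting>" does not start with the setting, so it counts as missing.
        missing = [s for s in REQUIRED if not any(l.startswith(s + " ") for l in lines)]
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for iface, missing in audit_interfaces(SAMPLE_CONFIG).items():
        print(f"{iface}: missing {', '.join(missing)}")
```

An interface that is up but has no logical name or address is worth reviewing before the firewall goes into service.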
Note
All model ASAs can be configured to run in transparent mode. In this mode, the ASA becomes a bridge and a bump on the wire, which is, in my opinion, about the dumbest description ever. Transparent mode is available so that you can drop your firewall into an existing network without renumbering any part of it. With only an IP address for management, a transparent firewall seems like the perfect solution.
I’m sure I’ll get heat for this, but I recommend that you don’t use transparent mode. Every installation I’ve ever seen where transparent mode ASAs or PIXes were involved has been a disaster. Why? Because the proper solution involved redesigning the network, and no one was willing to spend the time and/or money to do so. Transparent firewalls allow a solution to be shoe-horned into a network that wasn’t designed for a firewall. Do yourself a favor and insist that the network be redesigned to support the traditional Layer-3 firewall model instead of using transparent mode.
On the ASA 5540, the standard physical interfaces are G0/0 through G0/3. An expansion card can be installed to add interfaces, which are numbered incrementally starting at G1/0. Each interface must be assigned a logical name. There are no default names for interfaces on an ASA, but ...