Showing posts from October, 2014

ASA - transparent firewall on 8.3 and 8.4

I need to implement a transparent firewall between r1 and r2. Ping and the BGP session have to be allowed.

      10.0.0.1          10.0.0.100          10.0.0.2
      /----\            ------              /----\
      | R1 |------------| ASA1 |------------| R2 |
      \----/            ------              \----/
               vlan10 ---->|      |<---- vlan20

1) Cisco Adaptive Security Appliance Software Version 8.3(1)

First I configure the minimum requirements to allow a BGP session between r1 and r2.

R1:
    !
    interface GigabitEthernet0/0
     ip address 10.0.0.1 255.255.255.0
    !
    router bgp 65001
     neighbor 10.0.0.2 remote-as 65001
    !

R2:
    !
    interface GigabitEthernet0/0
     ip address 10.0.0.2 255.255.255.0
    !
    router bgp 65001
     neighbor 10.0.0.1 remote-as 65001
    !

ASA is in 'transparent mode':

ASA1:
    !
    firewall transparent
    hostname asa1
    !
    !
    interface Ethernet0/0.10
     vlan 10
     nameif outside
    ...

ASA Active/Active Failover - why the interface status is unknown/waiting/failed/not-monitored?

Let's look at my scenario, where ASA1 and ASA2 have two contexts and 'c1' is primary on ASA1 and 'c2' is primary on ASA2:

            R1                                  R4
         10.0.0.1                           172.16.1.1
            |                                   |
            |                                   |
         Fa1/0/9                            Fa1/0/15
    ------------------------------------------------
    |                     sw1                      |
    ------------------------------------------------
         Fa1/0/3                            Fa1/0/7
        |       |                          |       |
        |       |                          |       |
    eth0/1.20  eth0/1.30              eth0/1.20  eth0/1.30
    10.0.0.10  172.16.1.11            10.0.0.11  172.16.1.10
    -------------------      folink     -------------------
    |      asa1       | <-----------> |      asa2       |
    | |----| |----|   |               | |----| |----|   |
    | | c1 | | c2 |   |               | | c1 | | c2 |   |
    | |- P ...