Contents
vi
Cisco ASA 5500 Series Configuration Guide using the CLI
Information About Routed Firewall Mode 4-2
Information About Transparent Firewall Mode 4-2
Licensing Requirements for the Firewall Mode 4-6
Default Settings 4-6
Guidelines and Limitations 4-6
Setting the Firewall Mode 4-8
Feature History for Firewall Mode 4-9
Configuring ARP Inspection for the Transparent Firewall 4-9
Information About ARP Inspection 4-10
Licensing Requirements for ARP Inspection 4-10
Default Settings 4-10
Guidelines and Limitations 4-10
Configuring ARP Inspection 4-11
Task Flow for Configuring ARP Inspection 4-11
Adding a Static ARP Entry 4-11
Enabling ARP Inspection 4-12
Monitoring ARP Inspection 4-12
Feature History for ARP Inspection 4-13
Customizing the MAC Address Table for the Transparent Firewall 4-13
Information About the MAC Address Table 4-14
Licensing Requirements for the MAC Address Table 4-14
Default Settings 4-14
Guidelines and Limitations 4-14
Configuring the MAC Address Table 4-15
Adding a Static MAC Address 4-15
Setting the MAC Address Timeout 4-15
Disabling MAC Address Learning 4-16
Monitoring the MAC Address Table 4-16
Feature History for the MAC Address Table 4-17
Firewall Mode Examples 4-17
How Data Moves Through the ASA in Routed Firewall Mode 4-17
An Inside User Visits a Web Server 4-18
An Outside User Visits a Web Server on the DMZ 4-19
An Inside User Visits a Web Server on the DMZ 4-20
An Outside User Attempts to Access an Inside Host 4-21
A DMZ User Attempts to Access an Inside Host 4-22
How Data Moves Through the Transparent Firewall 4-23
An Inside User Visits a Web Server 4-24
An Inside User Visits a Web Server Using NAT 4-25