Which statement about an ASA in transparent mode is true?

Which statement about an ASA in transparent mode is true?
A. It allows the use of dynamic NAT.
B. It requires an IP address for each interface.
C. It requires a management IP address.
D. It supports OSPF.

cisco-exams

4 thoughts on “Which statement about an ASA in transparent mode is true?

  1. Transparent Firewall Guidelines

    Follow these guidelines when planning your transparent firewall network:

    •For IPv4, a management IP address is required for both management traffic and for traffic to pass through the ASA. For multiple context mode, an IP address is required for each context.

    Unlike routed mode, which requires an IP address for each interface, a transparent firewall has an IP address assigned to the entire device. The ASA uses this IP address as the source address for packets originating on the ASA, such as system messages or AAA communications.

    The management IP address must be on the same subnet as the connected network. You cannot set the subnet to a host subnet (255.255.255.255).

    it’s C valid

    https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/fwmode.html#wp1212173

    For IPv6, at a minimum you need to configure link-local addresses for each interface for through traffic. For full functionality, including the ability to manage the ASA, you need to configure a global IP address for the device.

    You can configure an IP address (both IPv4 and IPv6) for the Management 0/0 or Management 0/1 management-only interface. This IP address can be on a separate subnet from the main management IP address.

    •The transparent ASA uses an inside interface and an outside interface only. If your platform includes a dedicated management interface, you can also configure the management interface or subinterface for management traffic only.

  2. If the question is written correctly the answer is “It supports the use of Dynamic NAT”. Although the
    configuration of an ASA in transparent mode does require a management IP address to pass traffic it is not
    something that is “supported” but rather configured in order to work. In the same sense, you cannot assign IP
    addresses to interfaces in Transparent mode so this is not supported. Options that can be supported are
    therefore OSPF and NAT. As referenced below OSPF does not work with ASA’s in transparent mode so the
    only option left is NAT.

    –> B. NAT

    1. The firewall doesn’t require the management interface to have an IP in order to pass traffic.. Since the router is in transparent mode it doesn’t act as a hop hence it doesn’t pass traffic. The IP is only assigned to the interface for management purposes Ex: to connect to the device through HTTPS, SSH.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.