Re: transparent fw issues

From: ehtesham ali <conect2ehtesham_at_gmail.com>
Date: Mon, 15 Nov 2010 00:15:59 +0530

The article was very informative on what happens when the CAM table of the fw didn't
find a MAC address, but still the picture is not clear as far as layer 2 processing is
concerned.

I believe my question is clear. To recall:

Same topology as above. When the switch receives a frame destined for the server from
the PC, it will undergo a CAM lookup and forward the frame on to the port
connected to the server.
As the switching decision is based on MAC address, the CAM lookup will guide
the switch to forward the frame to the server,

when will the switch forward frames to the fw?

Security experts, kindly help me with this basic question :-)

On Sat, Nov 13, 2010 at 7:24 PM, Ryan West <rwest_at_zyedge.com> wrote:

> Here's a good article that should explain the MAC table creation for the
> ASA while in transparent mode. In short, the switch is not going to pass
> frames between VLANs unless it's explicitly bridged.
> http://packetu.com/content/view/51/
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> ehtesham ali
> Sent: Saturday, November 13, 2010 6:09 AM
> To: ccielab_at_groupstudy.com
> Subject: transparent fw issues
>
> Hi group,
> I have the following scenario on a transparent firewall. The PC and fw e0/1
> belong to vlan 10 and the server, firewall e0/0 belong to vlan 10.
>
> 10.0.0.1                                                 10.0.0.254
> pc1------------------------[ switch ]------------------------server
>                               |  |
>                               |  |
>                          e0/1 |  | e0/0
>                             [firewall]
>
> When pc1 ARPs for the server MAC address, the server will respond to it. Here
> I get the logic of using two vlans even though the subnet is the same.
>
> When pc1 sends the frame with a layer 2 destination address of the server, the switch
> will forward the frame based on the MAC address table out to the port
> connected to the server.
>
> Just wanted to know where the firewall comes in.
> Kindly guide me if I am wrong. I want every packet destined to the server
> to first pass through the firewall in L2 mode.
>
> If the PC is sending frames with the server MAC address as the L2 destination
> address, then I believe the switch will just look at the frame's layer 2 header,
> look in the CAM table and simply forward it out of the link connected to the server.
>
> Thanks
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
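To make Ryan's point concrete, the following simulation is an added example written for this archive page, not code from the thread or from any Cisco product. It models a VLAN-aware learning switch whose CAM table is keyed by (VLAN, MAC) and a transparent firewall bridging between two VLANs; it assumes (unlike the diagram above) that the firewall's outside interface and the server sit in a second VLAN 20, and all port names, MAC addresses and the allow-list are constructed.

```python
# Constructed topology (not from the thread): access port -> VLAN. The firewall's
# inside interface shares VLAN 10 with pc1; its outside interface shares VLAN 20
# with the server, so the firewall bridge is the only layer-2 path between them.
PORT_VLAN = {"pc1": 10, "pc2": 10, "fw_e0/1": 10, "fw_e0/0": 20, "server": 20}
PC1, PC2, SERVER = "aa:00:00:00:00:01", "aa:00:00:00:00:02", "bb:00:00:00:00:fe"

class VlanSwitch:
    """Learning switch whose CAM table is keyed by (vlan, mac), never by mac alone."""
    def __init__(self, port_vlan):
        self.port_vlan, self.cam = port_vlan, {}

    def forward(self, in_port, src, dst):
        vlan = self.port_vlan[in_port]
        self.cam[(vlan, src)] = in_port                 # learn source in this VLAN
        if (vlan, dst) in self.cam:
            return [self.cam[(vlan, dst)]]              # known destination: one port
        return sorted(p for p, v in self.port_vlan.items()   # unknown: flood, but
                      if v == vlan and p != in_port)          # only inside this VLAN

class TransparentFirewall:
    """Bridges fw_e0/1 <-> fw_e0/0 and enforces a (constructed) layer-2 allow-list."""
    def __init__(self, allowed_pairs):
        self.allowed = {frozenset(p) for p in allowed_pairs}

    def bridge(self, in_if, src, dst):
        if frozenset((src, dst)) not in self.allowed:
            return None                                 # dropped by policy
        return "fw_e0/0" if in_if == "fw_e0/1" else "fw_e0/1"

def deliver(sw, fw, in_port, src, dst):
    """Ports the frame egresses on, following it through the firewall bridge."""
    path = []
    for out in sw.forward(in_port, src, dst):
        path.append(out)
        if out.startswith("fw_"):
            other = fw.bridge(out, src, dst)
            if other is not None:                       # re-enters the switch in
                path += deliver(sw, fw, other, src, dst)  # the other VLAN
    return path

def demo():
    sw, fw = VlanSwitch(PORT_VLAN), TransparentFirewall([(PC1, SERVER)])
    first = deliver(sw, fw, "pc1", PC1, SERVER)      # unknown dst: flooded in VLAN 10
    reply = deliver(sw, fw, "server", SERVER, PC1)   # learned path back through fw
    second = deliver(sw, fw, "pc1", PC1, SERVER)     # CAM hit: (10, SERVER) -> fw_e0/1
    blocked = deliver(sw, fw, "pc2", PC2, SERVER)    # reaches fw, never the server
    return first, reply, second, blocked, sw.cam[(10, SERVER)]
```

The switch never holds a bare "server MAC -> server port" entry for VLAN 10; after the first exchange its VLAN 10 entry for the server's MAC points at the firewall's inside port, which is why every later frame from pc1 is handed to the firewall first.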

Received on Mon Nov 15 2010 - 00:15:59 ART

This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:56 ART