Getting Started
• DHCP for clients on management.
• ASDM access—Management hosts allowed.
• Hardware bypass is enabled for the following interface pairs: GigabitEthernet 1/1 & 1/2; GigabitEthernet 1/3 & 1/4
• ASA FirePOWER module—All traffic is sent to the module in Inline Tap Monitor-Only Mode. This
mode sends a duplicate stream of traffic to the ASA Firepower module for monitoring purposes only.
The configuration consists of the following commands:
firewall transparent
interface GigabitEthernet1/1
 bridge-group 1
 nameif outside1
 security-level 0
 no shutdown
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside1
 security-level 100
 no shutdown
interface GigabitEthernet1/3
 bridge-group 1
 nameif outside2
 security-level 0
 no shutdown
interface GigabitEthernet1/4
 bridge-group 1
 nameif inside2
 security-level 100
 no shutdown
interface Management1/1
 management-only
 no shutdown
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface BVI1
 no ip address
access-list allowAll extended permit ip any any
access-group allowAll in interface outside1
access-group allowAll in interface outside2
same-security-traffic permit inter-interface
hardware-bypass GigabitEthernet 1/1-1/2
hardware-bypass GigabitEthernet 1/3-1/4
http server enable
http 192.168.1.0 255.255.255.0 management
dhcpd address 192.168.1.5-192.168.1.254 management
dhcpd enable management
Note: When the ISA 3000 loses power and goes into hardware bypass mode, only the above
interface pairs can communicate; inside1 and inside2, and outside1 and outside2 can no
longer communicate. Any existing connections between these interfaces will be lost.
When the power comes back on, there is a brief connection interruption as the ASA
takes over the flows.
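An added example, not part of the Cisco guide: a small Python audit that reads an ASA configuration like the one above and reports every "permit ip any any" access list bound inbound on an interface, together with the hardware-bypass pairs that keep passing traffic while the unit is unpowered. The function name audit and the finding labels are assumptions of this example; SAMPLE is an excerpt of the configuration above.

```python
import re

# Excerpt of the default configuration above (first bypass pair only).
SAMPLE = """\
interface GigabitEthernet1/1
 nameif outside1
 security-level 0
interface GigabitEthernet1/2
 nameif inside1
 security-level 100
access-list allowAll extended permit ip any any
access-group allowAll in interface outside1
hardware-bypass GigabitEthernet 1/1-1/2
"""

def audit(config):
    """Flag permit-any ACLs bound inbound and hardware-bypass (fail-open) pairs."""
    ifaces, cur = {}, None            # "GigabitEthernet1/1" -> {"nameif", "level"}
    open_acls, bound, pairs = set(), [], []
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"nameif": m[1], "level": None})
        elif cur is not None and (m := re.fullmatch(r"nameif (\S+)", line)):
            cur["nameif"] = m[1]
        elif cur is not None and (m := re.fullmatch(r"security-level (\d+)", line)):
            cur["level"] = int(m[1])
        elif m := re.fullmatch(r"access-list (\S+) extended permit ip any any", line):
            open_acls.add(m[1])
        elif m := re.fullmatch(r"access-group (\S+) in interface (\S+)", line):
            bound.append((m[1], m[2]))
        elif m := re.fullmatch(r"hardware-bypass (\S+) (\d+/\d+)-(\d+/\d+)", line):
            pairs.append((m[1] + m[2], m[1] + m[3]))
    level = {i["nameif"]: i["level"] for i in ifaces.values()}
    name = lambda port: ifaces.get(port, {"nameif": port})["nameif"]
    # Evaluate after parsing so ACL and access-group order does not matter.
    findings = [("permit-any-inbound", nameif, level.get(nameif))
                for acl, nameif in bound if acl in open_acls]
    findings += [("fail-open-pair", name(a), name(b)) for a, b in pairs]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each finding is a tuple: the label, then either the interface name and its security level or the two interface names of a bypass pair.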
CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide, 9.5
ISA 3000 Default Configuration