Home network with ASA 5505 and WAP

Answered Question
Mar 5th, 2008

I would like to set up my ASA 5505 with one switch port port used for my wireless access point and the others set up for my home network. I do not want the WAP to be able to communication with the other inside home computers. I have set up the following VLANS

homeinside -

homewap - (providing DHCP)


When I set up the WAP in port 1 I can get an IP address when a wireless laptop connects however I cannot get out to the internet.

I was reviewing page 4-8 Chapter 4 of the Configuring Switch ports and VLAN interfaces for the Cisco ASA 5505 Adaptive Security Appliance for configuring VLAN interfaces for the base license and thought that I had a good idea of the principle.

I am not a CISCO expert so I am a little lost on what to do now. Is there something that would show me step by step how to set up the applicable menu items to allow the insidewas to connect to the internet? The book with the ASA 5505 covers the VLANS in detail but I still cannot get the WAP working correctly.

Any suggestions on what menu items I need to check to see if they are configured correctly.

I have this problem too.
0 votes
Correct Answer by brettmilborrow about 8 years 7 months ago

That sounds correct. The wizard takes care of the NAT and access-lists for your setup.

Well done!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
gregh Mon, 03/10/2008 - 04:29

I took a look at the referenced link. In the end I used the wizard to setup the 3 VLANS and then just added a NAT rule to allow the Wireless Access Point VLAN to the outside interface. I set the security level of both the inside home and the wap to 100 and selected the option in the wizard to not allow the wap to communication with the inside home. This solution appeared to work and the WAP cannot see the other computers on the inside VLAN but can get to the internet. Could it have been this simple of a solution or am I still missing something?

Correct Answer
brettmilborrow Mon, 03/10/2008 - 04:55

That sounds correct. The wizard takes care of the NAT and access-lists for your setup.

Well done!


This Discussion