What is the best way to add a guest networ?

Unanswered Question
Oct 14th, 2009

What is the best way to configure a guest network? The guest network would have access to the Internet only. The guest network will would not have access to servers. We have a an ASA firewall, Cisco router and L3 switch.

Thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Panos Kampanakis Wed, 10/14/2009 - 15:37

You have two options, either use ZBF on the router or use the ASA to firewall the guest network.

In either case the guest network will be a dmz/zone itself. You will use ACLs to define where hosts can go and cannot go. And you will also set up their translations for when they want to browse the internet.

For an IOS set up you would have zone guest and zone outside for example and you would define the policies for the zone pair guest-to-out. Also you would define translations for the guest network when it traverses and goes to the outside.

For an ASA scenario you will have a interface or subinterface guest lets say, and the outside interface. Again you would define policies for traffic traversing these two interfaces and the corresponding translations.

PK

Actions

This Discussion