Cisco Support Community

New Member

ASA5510 Setup Layout - Does this work?

Hello Cisco'ers

I am planning to implement an ASA5510 in our network.

I've never worked with an ASA5510 device, so I am not quite sure how to place it correctly.

The idea is the following:

Current Situation

Network with wireless access, everybody who's connected to the Wifi can access the resources.

SSID = JUFCorp

Desired Situation

Network with only internet access, separate SSID -> JUFGuest

Is this possible with this layout?

[Image: network layout diagram (hosted on TinyPic)]

PS: When I configure the ASA, I couldn't find an option where I can enter a default gateway. Is this supposed to be like this?

So right now I can only access the management port when I'm in the same subnet. Is there another way around that?

3 REPLIES

ASA5510 Setup Layout - Does this work?

Hi,

My suggestion would be to terminate the Internet directly on your ASA. That way you would save one of your public IP addresses.

If it is a small network it also means potentially that you could retire the router from your network. The firewall can perform routing functions in its place.

Move the DMZ switch off to the side of the ASA so it is not directly connected to the Internet.

See below a quick start guide for the ASA that will help you configure it.

http://www.cisco.com/en/US/docs/security/asa/quick_start/5500/5500_quick_start.html

You can configure ACLs on the WLC to restrict guest access to the Internet only. See below an example guide to help you get started.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml

Alternatively you could sit the WLC behind the DMZ switch and control access to the Internet via the firewall.

Don't forget to rate posts that are helpful.

Cheers

Sean

New Member

ASA5510 Setup Layout - Does this work?

Hi Sean,

Thanks, makes sense.

There was just one more thing that's bugging me:

When I configure the ASA, I couldn't find an option where I can enter a default gateway. Is this supposed to be like this?

So right now I can only access the management port when I'm in the same subnet. Is there another way around that?

Super Bronze

ASA5510 Setup Layout - Does this work?

Hi,

I can't really comment on the network layout much as I don't deal with wireless networks (at all).

Though my first instinct would be to place the ASA behind the router. In your current setup I guess it would only serve the wireless networks?

Regarding the default route, though:

You can enter it from the CLI in the following way:

route <interface> 0.0.0.0 0.0.0.0 <gateway-ip>

for example

route outside 0.0.0.0 0.0.0.0 1.2.3.4

This can be done on ASDM also with either of these 2 ways:

Tools -> Command Line Interface -> insert the above command in a form modified to suit your purpose

OR

Configuration -> Device Setup -> Routing -> Static Routes -> Add

and add a route for 0.0.0.0/0 with the gateway address and destination interface of your choice

- Jouni
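
The default route from the reply above, shown in context with a guest segment limited to Internet access and ASDM management limited to one admin subnet. This is an added example, not part of the original thread. Interface names, the admin subnet and all addresses are assumptions, and NAT is left out because its syntax differs between ASA software versions.

```cisco
! Constructed example: interface names and every address are assumptions.
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.0.1 255.255.255.0
 no shutdown
!
interface Ethernet0/2
 nameif guest
 security-level 50
 ip address 192.168.50.1 255.255.255.0
 no shutdown
!
! The ASA has no "default gateway" field; the default gateway is a static route.
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Guest SSID (JUFGuest): Internet only.
! Once an ACL is bound to the interface it replaces the default
! security-level behaviour, so a bare "permit ip any any" would also
! open the inside network. Deny the private ranges first, then permit.
! Guests are assumed to use a public DNS resolver.
access-list GUEST_IN extended deny ip 192.168.50.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list GUEST_IN extended deny ip 192.168.50.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list GUEST_IN extended deny ip 192.168.50.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list GUEST_IN extended permit ip 192.168.50.0 255.255.255.0 any
access-group GUEST_IN in interface guest
!
! Managing the ASA from a different subnet: the ASA needs a route back
! to the admin subnet, and ASDM access is limited to that subnet only.
route inside 10.10.20.0 255.255.255.0 10.10.0.254
http server enable
http 10.10.20.0 255.255.255.0 inside
!
! Verify after applying:
!   show route
!   show access-list GUEST_IN
```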
