04-10-2012 01:04 AM - edited 03-11-2019 03:52 PM
Hello Cisco'ers
I am planning to implement an ASA5510 in our network.
I've never worked with an ASA5510 device, so I am not quite sure how to place it correctly.
The idea is the following:
Current Situation
Network with wireless access, everybody who's connected to the Wifi can access the resources.
SSID = JUFCorp
Desired Situation
Network with only internet access, separate SSID -> JUFGuest
Is this possible with this layout?
PS: when I configure the ASA, I couldn't find an option where I can enter a default gateway. Is this supposed to be like this?
So right now I can only access the management port when I'm in the same subnet. Is there another way around that?
04-10-2012 02:29 AM
Hi,
My suggestion would be to terminate the Internet directly on your ASA. That way you would save one of your public IP addresses.
If it is a small network it also means potentially that you could retire the router from your network. The firewall can perform routing functions in its place.
Move the DMZ switch off to the side of the ASA so it is not directly connected to the Internet.
See below a quick start guide for the ASA that will help you configure it.
http://www.cisco.com/en/US/docs/security/asa/quick_start/5500/5500_quick_start.html
You can configure ACLs on the WLC to restrict guest access to the Internet only. See below an example guide to help you get started.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
Alternatively you could sit the WLC behind the DMZ switch and control access to the Internet via the firewall.
Don't forget to rate posts that are helpful.
Cheers
Sean
04-10-2012 02:31 AM
Hi,
I can't really comment on the network layout much as I don't deal with wireless networks (at all).
Though my first instinct would be to place the ASA behind the router. In your current setup I guess it would only serve the wireless networks?
Regarding the default route though
You can enter it from the CLI in the following way
route
for example
route outside 0.0.0.0 0.0.0.0 1.2.3.4
This can be done on ASDM also with either of these 2 ways:
Tools -> Command Line Interface -> insert the above command in a form modified to suit your purpose
OR
Configuration -> Device Setup -> Routing -> Static Routes -> Add
and add a route for 0.0.0.0/0 with the gateway address and destination interface of your choice
- Jouni
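The two answers above combined into one ASA configuration sketch (an added example, not part of the original posts): a guest interface whose ACL blocks private address space and permits everything else, plus the default route. The interface Ethernet0/2, the name guest, the subnet 192.168.50.0/24 and the ACL and object-group names are assumptions; 1.2.3.4 is the placeholder gateway from the post. NAT is left out because its syntax depends on the ASA software version.

```cisco
! Assumed guest-facing interface (toward the WLC / DMZ switch).
! A low security level keeps guest below the inside network.
interface Ethernet0/2
 nameif guest
 security-level 10
 ip address 192.168.50.1 255.255.255.0
 no shutdown
!
! Private (RFC 1918) ranges that guests must never reach.
! This covers the corporate LAN whatever its exact subnet is.
object-group network INTERNAL_NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! Order matters: the deny is evaluated before the permit.
! Guests are assumed to use a public DNS resolver; if they must use
! an internal one, add a specific permit for it above the deny line.
access-list GUEST_IN extended deny ip any object-group INTERNAL_NETS
access-list GUEST_IN extended permit ip 192.168.50.0 255.255.255.0 any
!
! Apply the ACL to traffic entering the ASA from the guest side.
access-group GUEST_IN in interface guest
!
! Default route from the post: everything without a more specific
! route leaves via the outside interface toward the upstream gateway.
route outside 0.0.0.0 0.0.0.0 1.2.3.4
```

After applying it, `show route` should list the static default route, and `show access-list GUEST_IN` shows hit counters that confirm whether guest traffic toward private addresses is being denied.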
04-10-2012 02:34 AM
Hi Sean,
Thanks, makes sense.
There was just one more thing that's bugging me:
when I configure the ASA, I couldn't find an option where I can enter a default gateway. Is this supposed to be like this?
So right now I can only access the management port when I'm in the same subnet. Is there another way around that?