I guess you would have to configure a Trunk between the standalone AP and the ASA5505. And to support Trunking your ASA5505 would have to have Security Plus license if I dont remember wrong.
Then you could Trunk the 2 Vlans from AP to the ASA and configure separate DHCP pool for them.
Sadly I never even touch Wireless networks/devices in my work (other people for that) so I dont what your different options there are. I just imagine that if your ASA5505 is running Base License and you cannot trunk and IF your AP had 2 physical ports then you could do around the Trunking limitation of your ASA by configuring Access Mode ports for each Vlan on the ASA and connecting 2 separate ports from the AP to those ASA ports.
Allowing only Internet access for the other WLAN should be possible with simple access rules.
The DHCP through L2L VPN might be an option but its surely more complicated to set up. If you had a Cisco router at the local site you could even use it as DHCP server. I am not sure if APs have this possibility? As I said I dont know the first thing about configuring Wireless networks.
The AP has 1 physical port so obviously this will be trunked and so will the port on the ASA. I do have the secuirty plus license.
As you can see in the config below. the actual physical IP address of the inside network is 192.168.70.254 ( port 7 facing the AP vlan 1 ) i can provide DHCP range to an interface. how do i guest the guest network to work on the ASA? and set an IP range to this network? hope this make sense?
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...