I work at a small company and have very limited experience with networking so any help is much appreciated. We have an ASA 5510 that connects out to our ISP. The inside interface is connected to a port on a Trendnet Switch (where all of our clients are connected as well) using 192.168.0.0/24. We also have a Linksys wireless router connected to one of the ports on the Trendnet in which it (wireless router) receives an IP via DHCP from the ASA. I know this isn't the best setup so I would like to connect the wireless router to one of the interfaces on the back of the ASA and have it able to communicate with the 192.168.0 network without any restrictions.
Is this possible to set up? If so, can it be done using the ASDM?
The purpose of the wireless router is so that our users who have laptops can "undock" and continue to access our network resources, AD and Exchange as they normally do connected via wired connection.
Everything appears to be working except for our backups; we are using Microsoft Data Protection Manager on a server. When the laptop is connected through the wired connection the DPM server is able to sync the files, but as soon as the laptop is connected to the wireless the DPM server can no longer sync with the clients. I disabled the SPI firewall on the wireless but that did not help.
When I started to think about what could be causing this is when I thought that it might be easier to troubleshoot if the wireless was not connected through the Trendnet switch and it seems like it would be a "cleaner" setup since I believe the wireless is NATing all packets from the ASA but then again I really don't know if it matters.
It can be done through ASDM, but I'm not sure where to direct you. The ASA, unless purchased separately, ships with a base image that supports vlan 1, 2, and a dmz. Your outside interface is usually a member of vlan 2, and your internal systems are members of vlan 1. You can configure one of the interfaces on the ASA in a dmz, but the only caveat is that the dmz can only forward to one other interface which means you'd want it to forward outbound. If you want wireless for just internet access, this is the ideal situation because wireless users won't be able to get to internal resources. If you want to be able to give people access to your internal subnet, then you have 2 choices: leave it the way that you have it with your wireless on your internal subnet OR purchase a security image for your ASA that allows you to create more vlans and then you can forward between all of your vlans.