Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

sample secure home network

Dear,

I'm looking for a sample architecture and configuration sample for a small home network.
I have 2 x WAP321, SMB-SG 300 switch and ISA firewall.

Thanks.

Joris

3 REPLIES

sample secure home network

Joris,

Can you provide a little more detail?

  1. Are you hosting any services on the home network (i.e. website, Exchange, etc.) or are you just needing to connect devices in the home to the internet?
  2. Are you needing multiple wireless networks or just one for use at home?
  3. How large of an area are you needing to cover with wireless?
  4. Does the ISA Firewall have the integrated wireless?
  5. What type of internet connection do you have?
  6. Is the internet connection DHCP, PPPoE, or Static IP?

I'm happy to help, but this information will help to get the configuration right the first time. 

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
New Member

Re: sample secure home network


Can you provide a little more detail?
Are you hosting any services on the home network (i.e. website, Exchange, etc.) or are you just needing to connect devices in the home to the internet?
Are you needing multiple wireless networks or just one for use at home?
How large of an area are you needing to cover with wireless?
Does the ISA Firewall have the integrated wireless?
What type of internet connection do you have?
Is the internet connection DHCP, PPPoE, or Static IP?


I'm hosting one service : home control. I would like to enable access to the provider via the Asa5505 (no wifi).
We live in an environment with approx. 15 SSID's visible. I would like to have three networks : captive portal, home network and home control network.
I measured the area : two AP's are sufficient.
Internet connection is PPoE.

I would like to play around with the hardware but the reference guides I've found are all about the enterprise series.

sample secure home network

Joris,

Thank you for clarifying that the firewall is an ASA not an ISA.  A couple of suggestions to get started.

  1. Install ASDM
    • If you haven't already, plug in the ASA and connect your PC to it.  Your PC should get an IP via DHCP.  Browse to the default gateway and on the homepage will be a link to download ASDM.  Download and install it.  Use ASDM to connect to your ASA going forward.  It's a pretty nice UI that will make configuring the ASA much easier than CLI, unless your very comfortable with CLI.
  2. Ensure you need outside access to Home Control
    • Since your connection is PPPoE, I'm also assuming you don't have a static IP from your provider meaning that your public IP may change from time to time.  The reason this is important is because if you are needing the ability to browse to your Home Network from outside your home, then you would either need a static IP that never changes (preferred) or utilize something like DDNS (less reliable).  All that said, there is a distinct possibility that you wouldn't need to worry about any of that.  Most, if not all, of the Home Control providers make this part easy by acting as a bridge between your outside access to your Home Control and your internal Home Control system.  What that means is that your Home Control system is checking into their system on a regular basis and their system leverages that regular checkin to control it.  You browse to their website to gain access to your Home Control system.  This generally doesn't require a static IP or any special configuration on your end.  It just requires that your Home Contol system has access to the internet and that certain ports are open.
    • I'd recommend contacting your Home Control system provider and ask them if you need a Static IP at your house to control your system.  Odds are the answer will be no.  I'd also ask them what ports need to be open from your Home Control system to their system for everything to function correctly.  They should provide you with a list of ports (i.e. TCP 80, TCP 443, UDP xxx, etc.)
      • Not only do you need this information to determine how to configure your firewall and if you have everything necessary from your ISP, but also to determine if you really need another SSID for your Home Control or if it can also be on your Home Network.  Some people may still prefer to put it on it's own SSID, for security reasons, but this also makes setting up and managing the network more complex for it to truly be secure.  For it to truly be secure, we would not only put it on its own SSID, but we would ensure that nothing else has access to the SSID.  So to directly connect to it internally, you would have to disconnect from your Home Network SSID and attach to the Home Control Network SSID.  If you're not going to make it secure, there's really no point to putting it on its own SSID.

Shawn Eftink
CCNA/CCDA

Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
529
Views
0
Helpful
3
Replies