
Cisco ASA 5550 Dropping traffic whenever device changes WAP

Hello all,

 

I have a small home network running an ASA5550 as my boundary gateway, but it's been jamming up my wireless network. The topology is as follows:

 

|Cisco WLAN Controller| ---- |Cisco ISR| ---- |Cisco ASA5550| ---- |Internet|

 

Since installing and configuring my WLAN controller, my wireless devices drop all connectivity for about 5 minutes every time I hop between APs in my home. I have 3 distinct APs for the center and either end of my house. The NAT rules are set up and working, and if I connect my phone or other portable device to the network with the ASA running I get great throughput and no problems. If I try to move around the network the ASA starts dropping traffic aggressively. I only recently figured out that it was an AP hopping problem, but I've verified with several devices that if I move between APs while routing through the ASA my connection drops for about 5 minutes. I've also removed the ASA from the network and routed directly through the ISR with a software Zone Based firewall and I get 100% throughput on all my WAPs with zero drops or latency when I jump between APs. The only thing I can think of is that the ASA doesn't like when I hop between LWAPs since each AP gets its own IP address and possibly confuses the NAT tables or just enrages the security device.

 

Is there any setting in the ASA to relax the rules for the wireless network or another setting anyone can think to integrate with a WLC running several LWAPs? Should I set an internal/external NAT rule at the WLC or ISR and try to just force the ISR to preserve port mappings it receives? Any advice from anyone with a better security background than me would be welcome.
