Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1947
Views
0
Helpful
24
Replies

Guest network setup using ASA 5520

mbroberson1
Level 3
Level 3

‎06-18-2008 05:43 PM - edited ‎02-21-2020 02:53 AM

Looking into setting up a guest network. We would like to give a certain amount of our internet bandwidth to the guest network and setup DHCP on the ASA for the quest network. The guest network needs to be totally segmented from our corporate network.

0 Helpful
24 Replies 24

Farrukh Haroon
VIP Alumni
VIP Alumni

‎06-18-2008 06:54 PM

Do you have a proxy server on your network?

You could create a separate zone/interface for the GUEST users giving it a lower security level as the inside. For DHCP have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806c1cd5.shtml

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-19-2008 03:57 AM

We have a microsoft ISA server as our proxy server.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-19-2008 04:00 AM

"We would like to give a certain amount of our internet bandwidth to the guest network"

I don't think the ASA supports this inherently. There are third party plug-ins for this tough.

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-19-2008 04:05 AM

So you can't throttle a port on the ASA?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-19-2008 04:18 AM

No you can actually, have a look at:

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/qos.html

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-19-2008 04:59 AM

So the configuration would be like to plug in from a switch port to the ASA port and set up DHCP for the ASA interface on the ASA and use QOS to port throttle the interface?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-19-2008 05:14 AM

Yup, you could throttle based on the DHCP pool you assign.

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-19-2008 05:24 AM

So the configuration I described looks accurate? Come out of the switch port that is assigned to the guest network vlan into the interface/port on the ASA that will be for the guest network. The ASA interface/port ip address will be the default-gateway for the clients correct?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-19-2008 05:31 AM

Yes the ASA will be the default gateway.

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-19-2008 05:38 AM

Looks like a easy configuration then?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-19-2008 05:47 AM

Seems simple, but then that is a 'relative' thing :)

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-19-2008 05:54 AM

Right...;-)

Thanks

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-20-2008 07:17 AM

Would we need to configure a vlan on the ASA also to coin side with the vlan on the LAN?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-20-2008 11:57 PM

You don't need to configure any vlans/sub-interfaces unless you require more zones than the interfaces built-in to your box (5).

You just choose any unused interface and set it up like this:

interface gig 0/2

no shut

nameif GUESTS

security-l 50

ip address

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card