Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1932
Views
0
Helpful
24
Replies

Guest network setup using ASA 5520

mbroberson1
Level 3
Level 3

‎06-18-2008 05:43 PM - edited ‎02-21-2020 02:53 AM

Looking into setting up a guest network. We would like to give a certain amount of our internet bandwidth to the guest network and setup DHCP on the ASA for the quest network. The guest network needs to be totally segmented from our corporate network.

0 Helpful
24 Replies 24

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-22-2008 05:25 PM

For the host to set the interface address as their default-gateway would I need to use "dhcpd option 3 ip 192.168.100.1 interface GUESTS" assuming 192.168.100.1 is the ip address for interface g0/2? And for the host to route out my outside interface (to get to the internet) would I need to set a route?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-22-2008 06:23 PM

I would assume that is required (setting the default gateway) for a properly designed network.

For the internet you just need a default route on the box:

route outside 0 0

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-23-2008 04:33 AM

From what I have looked through the DNS and WINS for this type of setup are global so the guest network users would be using the same DNS and WINS server as the clients on the corporate network. Are you familiar with this?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-23-2008 06:23 AM

You can even skip DNS for the guest users. All they do is access the proxy server and the proxy server will resolve DNS for them.

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-23-2008 07:12 AM

So they will proxy off my corporate internal proxy server? Wouldn't you have to touch the vendor PC's to add the proxy info?

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-23-2008 08:22 AM

Can't you ask users to put the proxy?

Anyway this was just a suggestion. You can also give them DNS access.

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-23-2008 08:46 AM

What if I didn't want users on the guest network touching any servers on my nerwork. Could I point them to an external public DNS server? Do you suppose this would work?

Would this point the users on the guest network to the following DNS servers?

dhcpd dns 4.2.2.1 4.2.2.2 interface vendor

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to mbroberson1

‎06-23-2008 10:41 PM

Yes the public ISP dns is definitely an option. There should be no issues at all.

Regards

Farrukh

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-24-2008 04:10 AM

As far as nating goes I will need to set that up right? The guest users network will probably nat off the same interface that my corporate network is (the outside) interface. Right?

0 Helpful

mbroberson1
Level 3
Level 3
In response to Farrukh Haroon

‎06-19-2008 04:23 AM

So you can't throttle a port on the ASA?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card