Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
316
Views
0
Helpful
2
Replies

Forwarding subnet to firewall

jgorman1977
Level 1
Level 1

‎04-07-2009 05:18 AM - edited ‎03-04-2019 04:16 AM

I have a Cisco AP with a Guest VLAN which is at a branch office. What is the best method to forward this VLAN to our ASA interface which is located across MPLS at our corporate office?

Labels:
0 Helpful
2 Replies 2

mike-greene
Level 4
Level 4

‎04-07-2009 06:24 AM

Hi,

Depending on your security policy for your guest network, I would put an ACL blocking/allowing traffic on the layer three interface representing the default gateway of the guest vlan. We typically allow DHCP, DNS, block all traffic to internal subnets including all RFC 1918 addresses and then permit full IP. I would then let your normal routing get the traffic to your ASA. Depending if your ASA's are running a dynamic routing protocol you'll need a static route in the ASA so traffic can get back to the guests on the vlan.

Cisco recommends an anchor WLC to tunnel guest traffic from wireless networks to the edge so that would be an option as well if you have WLC's on your network.

HTH.

0 Helpful

omar.elmohri
Level 1
Level 1

‎04-07-2009 07:44 AM

I heared about q-in-q using MPLS.

And it may give you ideas:

http://www.cisco.com/en/US/docs/net_mgmt/ip_solution_center/5.1/mpls_vpn/user/guide/cnfglets.html#wp1041711

Regards,

Omar

Please rate if that help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card