Solved: Re: Can we connect Wireless guest network to ASA? - Cisco Community

1465

Views

0

Helpful

4

Replies

Hi,

We have two ISP 1. MPLS and 2. For Guest - Fiber Broadband. How to secure our Corporate Network from Guest Network as both are connected to our Cisco ASA5515.

Regards,

Mohammed

2 Accepted Solutions

Accepted Solutions

Hi,

You can deploy access list to block communication between the corporate and guest vlan and only allow access to the Internet for guest vlan.

HTH

View solution in original post

Hi there,

Create a new Guest VRF on your core switch. It should contain all your guest wireless interfaces and a point-to-point link to your ASA.

This will keep traffic seperated on your core, there only way devices in different VRFs will be able to communicate will be via the ASA.

cheers,

Seb.

View solution in original post

4 Replies 4

Hi,

You can deploy access list to block communication between the corporate and guest vlan and only allow access to the Internet for guest vlan.

HTH

Hi there,

Create a new Guest VRF on your core switch. It should contain all your guest wireless interfaces and a point-to-point link to your ASA.

This will keep traffic seperated on your core, there only way devices in different VRFs will be able to communicate will be via the ASA.

cheers,

Seb.

Most of the staff will connect to guest wifi. How can I allow and access Exchange ActiveSync using the Guest Wireless?

Regards,

Mohammed

Hi,

As long as the guest is in a separate vlan/subnet, you can use the access-list to allow exchange ActiveSync IPs to communicate with guest and also have them access the Internet. As for DNS on guest network, you can point them to an external DNS (8.8.8.8).

HTH

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card