12-13-2012 02:43 AM
Hi guys,
We have a Cisco ASA 5505 in our office. Right now port 0 is configured for outside and port 1 for inside (I believe it is the default configuration). Now, for security reasons, I want to separate the network traffic of the inside (office LAN) from the WiFi. Please correct me if I'm wrong, but I believe that, since I have 6 ports in vlan1 (inside), if I make the port which connects to our switch and the port which I'm going to connect to my wireless router (same vlan1) protected/isolated, then this should work. But here is what is happening: the minute I save the configuration, port 3, which is supposed to be my WiFi port, loses its connection to the Internet.
I tried to make another VLAN for WiFi to separate the traffic from vlan1, but I'm not getting an Internet connection on the port which has been assigned to the new VLAN for WiFi.
Any idea where I am wrong? Would you guys please let me know what I should do in this scenario?
Thanks a lot
12-13-2012 05:14 AM
Hi Alen,
If you're configuring a new VLAN on the ASA, you need to reconfigure NAT as well in order to get Internet access on wireless devices.
Also, how is the WiFi router configured? Is it just a standard bridge mode? What about the DHCP?
If you post your config we can help you out.
Regards
Mariusz
12-13-2012 05:22 AM
Hi, thanks for the response.
Well, I'm new to Cisco, so I don't know exactly how I have to set up NAT, so it would be perfect if you let me know how I can do that, preferably via ASDM.
We have the basic license (two VLANs, "outside and inside", and DMZ). Basically I'm trying to configure the DMZ in order to connect my wireless router to it, so our customers who are using the WiFi cannot have any access to our LAN. I don't know if this is the best scenario (DMZ); please correct me if I can use an easier way for this purpose.
At this point let's forget about the WiFi router and DHCP. As long as I can configure the port so I can connect my laptop to it and get the Internet without access to my LAN, it would be perfect, so I can configure the wireless router later.
Right now I have created a VLAN (DMZ) with security level 50, I have restricted the access of this interface to vlan1 (inside LAN), and I assigned the IP address 192.168.1.0.
But I can't get Internet when I connect myself to it. What else do I have to do?
Thanks for your help in advance
12-13-2012 05:41 AM
If everything is setup as default this CLI command should help:
nat (DMZ) 1 0.0.0.0 0.0.0.0
If you don't want to use CLI (which is highly recommended) you can do it from ASDM: Configuration > Firewall > NAT Rules > Add dynamic NAT, select your DMZ VLAN, Source any, and select the outside pool with number 1.
A good thing to do if you're new to Cisco is to change the preferences: Tools > Preferences > tick "Preview commands before sending them to the device". Helps a lot with learning CLI commands.
Hope this helps
Mariusz
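For reference, a restricted third VLAN with dynamic NAT on an ASA 5505 base license, written out as an added example (not posted by anyone in this thread). It assumes ASA software older than 8.3, where the `nat`/`global` syntax used above applies; VLAN 3, port Ethernet0/3, the 192.168.2.0/24 subnet and the test host addresses are constructed values, chosen so the DMZ subnet does not overlap the inside LAN.

```cisco
! Added example. VLAN 3, Ethernet0/3 and 192.168.2.0/24 are assumptions,
! not values taken from the thread.
!
! Third VLAN on a base license: it must be barred from initiating traffic
! to one other VLAN, and that restriction is entered before nameif.
interface Vlan3
 no forward interface Vlan1
 nameif DMZ
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
! Move one switch port out of vlan1 into the new VLAN.
interface Ethernet0/3
 switchport access vlan 3
 no shutdown
!
! Dynamic PAT: NAT ID 1 on the DMZ must match a global pool with ID 1
! on the outside interface (present in the factory default config).
global (outside) 1 interface
nat (DMZ) 1 0.0.0.0 0.0.0.0
!
! Checks after applying (host addresses below are constructed):
!   show nat DMZ
!   show xlate
!   packet-tracer input DMZ tcp 192.168.2.10 1025 192.168.1.10 80
!     expected result: dropped, since DMZ cannot initiate to inside
!   packet-tracer input DMZ tcp 192.168.2.10 1025 203.0.113.10 80
!     expected result: allowed and translated to the outside address
```

A laptop plugged into Ethernet0/3 needs an address in the DMZ subnet with 192.168.2.1 as its gateway until DHCP is set up on that interface.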
12-15-2012 09:58 PM
Hi,
Sorry, as I said, I'm not good at CLI yet. If I'm supposed to enter nat (DMZ) 1 0.0.0.0 0.0.0.0, I need to know everything from the beginning to enter this command. Anyway, when I tried ASDM as you instructed, first I got an error saying the outside pool 1 already exists, so I deleted all the NAT under the DMZ and selected it again, and below was the code sent to the firewall:
no nat (DMZ) 1 192.168.1.0 255.255.255.0
clear xlate interface DMZ local 192.168.1.0 netmask 255.255.255.0
Yet I have no chance.
Maybe it would be good if you let me know what I should do from the beginning, keeping in mind that whatever I do should not affect the inside network, because it is the live router and all users are working.
Also, please correct me if I'm wrong: isn't it supposed to be that when we have two ports in the same VLAN (inside), for example port 2 and port 3, if we select them as protected/isolated ports, then these ports should not pass any traffic to each other but pass the traffic to another VLAN (outside)? Why is it that whenever I make port 2, which has the connection to our main switch, protected, it still gets the Internet from port 0 (outside), but port 3 is not getting Internet?
Thanks
12-19-2012 04:40 AM
Hi Alen,
Sorry for being quiet for a few days. I am struggling with a giant cold...
We need to see the config in order to provide good advice. Just log in to the CLI, type in 'show run' and post the config. Don't forget to hide all confidential info.
Regards
Mariusz