Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: ASA 5505 DMZ for wireless internet access

ASA 5505 DMZ for wireless internet access 7 years 5 months ago #29984

  • Remo1030
  • Remo1030's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
Hi,

We have a ASA setup in my office.

Internet->ASA->Inside network

we are using ASA 5505 Device for VPN and internet access.I need to configure one wireless router in DMZ for visitors internet access (we need to restrict outsiders to inside network). Is it possible ? If yes ,please help me.


Thanks
Renjith
The administrator has disabled public write access.

Re: ASA 5505 DMZ for wireless internet access 7 years 5 months ago #30043

  • Remo1030
  • Remo1030's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
No Answer?....
The administrator has disabled public write access.

Re: ASA 5505 DMZ for wireless internet access 7 years 5 months ago #30058

  • hanapurna
  • hanapurna's Avatar
  • Offline
  • New Member
  • Posts: 9
  • Karma: 0
Hi,

if I understand well, you want to provide an Internet access to visitors configuring a wireless router in the DMZ of your ASA but you don't want these wireless clients to access your inside network ?

If you have the base license (not Security Plus one), you have nothing to do because this license just allow two Vlan and a third, restricted (dmz). If you put your wireless router on that Vlan, this Vlan cannot initiate traffic to the inside interface. Here is an example (Vlan1 is the inside):
[code:1]interface Vlan21
no forward interface Vlan1
nameif DMZ
security-level 50
ip address 172.16.0.1 255.255.255.0[/code:1]

I don't know if you can use the "no forward" with the Security Plus license ...

Hope it will help
The administrator has disabled public write access.

Re: ASA 5505 DMZ for wireless internet access 7 years 5 months ago #30067

  • Remo1030
  • Remo1030's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
Yes i have configured like this

interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 10.10.55.5 255.255.255.0

But i am not able to access internet through DMZ port .I have tried to connect one machine to this port and tried internet from that machine..but no luck ....any configuration is required for internet access through DMZ. All other vlans are working fine.

Thanks
Renjith
The administrator has disabled public write access.

Re: ASA 5505 DMZ for wireless internet access 7 years 5 months ago #30076

  • hanapurna
  • hanapurna's Avatar
  • Offline
  • New Member
  • Posts: 9
  • Karma: 0
Did you use PAT for your DMZ to access the Internet ?

[code:1]global (WAN) 1 interface
nat (LAN) 1 <lan_subnet> <lan_netmask>
nat (dmz) 1 10.10.55.0 255.255.255.0 [/code:1]

The third line will translate all your dmz hosts ip addresses to the WAN interface one. The same is enable by default for the inside/LAN interface (so you should already have line 1 and 2).
The administrator has disabled public write access.

Re: ASA 5505 DMZ for wireless internet access 7 years 5 months ago #30087

  • Remo1030
  • Remo1030's Avatar
  • Offline
  • New Member
  • Posts: 7
  • Karma: 0
Great...Its really a wonderful help.Its worked for me.

Thank you for ur help. :)

Renjith
The administrator has disabled public write access.
Time to create page: 0.080 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup