Solved

Cisco Equipment - ASA5505, 1811 ISR, 2960, 1130AG WAPs.. How to put this all together????

Posted on 2007-03-20
Last Modified: 2008-12-06
I am currently receiving my High Speed Internet via Cable Modem through Mediacom. They do not offer a Static (they call it “sticky”) IP Address on residential accounts. I have acquired the following equipment so this is what I have to work with.

1 – Cisco 1811 Integrated Services Router
1 – Cisco ASA 5505 Adaptive Security Appliance
1 – Cisco Catalyst 2960G (20 + 4 10/100/1000MB)
2 – Cisco 1130AG Wireless Access Points

Due to port density limitations in place on the ASA5505 I have the 2960 available to me. However, I’m confused as to how I can utilize multiple VLANs on a separate switch.
If I have VLAN1 – Personal, VLAN2 – ISP, and VLAN3 – Business all configured on the ASA5505, but I want to have VLAN1 & VLAN3 split on the 2960, how do I go about this? I’m sure I will have to do 802.1q on some port(s), or can I create VLANs on the ASA and run a cross-over cable down to a switch that is configured accordingly?

The ASA5505 also has two POE ports!! Can I assign each POE port to its own VLAN? If so, I would like to assign FastEthernet0/6 to VLAN3 and FastEthernet0/7 to VLAN1.  I would then connect a Cisco 1130AG WAP to each POE port. Is this possible?

I would then like to get DYNdns set up so I could create a L2L VPN Tunnel between VLAN3 and the corporate office. We run ASA 5520’s at Corporate so compatibility isn’t an issue. The biggest issue here is my limitations set forth by Mediacom not offering me a Static IP Address. Right?

I also have a couple game consoles (Xbox 360 & Wii) that don’t play well with Cisco NAT. I would like to put them out in a DMZ with full access to the Internet, but I’m not sure if this will work on the ASA appliance.  

All recommendations are greatly appreciated and I’m sure will be very helpful. Please feel free to ask questions, and I will do my best to answer them for you...

Thanks in advance…
0
Question by:huffakerce
5 Comments
 
LVL 28

Accepted Solution

by:
batry_boy earned 250 total points
ID: 18761502
You should be able to achieve most of that, but I have a question...what do you mean by "I want to have VLAN1 & VLAN3 split on the 2960"?

I will address your other questions in order:

"Can I assign each POE port to its own VLAN?"...yes

"I would like to assign FastEthernet0/6 to VLAN3 and FastEthernet0/7 to VLAN1.  I would then connect a Cisco 1130AG WAP to each POE port. Is this possible?"...yes

"I would then like to get DYNdns set up so I could create a L2L VPN Tunnel between VLAN3 and the corporate office. We run ASA 5520’s at Corporate so compatibility isn’t an issue. The biggest issue here is my limitations set forth by Mediacom not offering me a Static IP Address. Right?"
  ...yes, but not an insurmountable issue with the new 7.x code on the ASA.  It now includes support for Dynamic DNS...see the following URL for the command syntax:

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f12c.html#wp1798702

"I would like to put them out in a DMZ with full access to the Internet, but I’m not sure if this will work on the ASA appliance."
  ...if you only have a single public IP address, then you will have to use NAT of some sort for your gaming devices to pass traffic to/from the Internet.  Do you mean that they don't do well with PAT or port forwarding?  The point being that whether you put your gaming devices in a "DMZ" or on another VLAN (inside, personal, whatever you want to call the network segment), you can configure the ASA to allow unrestricted bidirectional traffic flow to those devices, but they will still be subject to NAT if you only have a single public IP from your ISP.

Please let me know if I need to clarify further or explain about the VLAN's...
0
 

Author Comment

by:huffakerce
ID: 18763897
Because I'm limited to the number of ports I can use on the ASA.. I would like to have VLAN1 and VLAN3 ports available on the 2960.. VLAN1 ports would be native to the switch and I would just have to segment any number of ports to VLAN3 right? I was wondering how I would get two separate VLANs down to the 2960 when it's coming from multiple ports on the ASA.. Does this make sense.. It's kinda funky because the ports on the ASA are switch ports.. So, say FastEthernet0/3 is VLAN1 on ASA and I use X-over to FastEthernet 0/21 on 2960 and allocate FastEthernet0/1-0/10 & FastEthernet0/21 to VLAN1. I then take a X-over cable from FastEthernet0/4 (ASA) to FastEthernet0/22 on 2960 and allocate all remaining ports to VLAN3..

Does this make any sense at all, or am I completely confused?
0
 
LVL 2

Assisted Solution

by:djohnson104
djohnson104 earned 250 total points
ID: 18779695
Trunking, you can carry multiple VLANs over a trunk (single cable) to the switch. I am not sure how they do it on an ASA but on routers you need to configure subinterfaces on one port E0/0.1 and E0/0.2. Depending on how many VLANs you need.
0
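
The trunk discussed in this thread, as an added configuration sketch that is not from any of the posters: one 802.1Q uplink carries VLAN 1 (personal) and VLAN 3 (business) from the ASA 5505 to the 2960G, with the two segments kept isolated at the firewall. Assumptions: the `nameif` names, IP addresses, VLAN 999 and the 2960G port numbers are constructed; the ASA 5505 names its switch ports Ethernet0/0 to Ethernet0/7; trunking on the 5505 is assumed to need the Security Plus license; and the ASA is assumed to tag every VLAN on a trunk, which is why the switch's native VLAN is moved off VLAN 1 (verify both on your release).

```cisco
! ---- ASA 5505, 7.2+ syntax (VLAN 2 / ISP outside interface not shown) ----
interface Vlan1
 nameif personal
 security-level 100
 ip address 192.168.1.1 255.255.255.0
interface Vlan3
 nameif business
 security-level 100
 ip address 192.168.3.1 255.255.255.0
! Equal security levels plus this default keep personal and business apart
no same-security-traffic permit inter-interface
! Single uplink to the 2960G: allow only the two inside VLANs, never VLAN 2
interface Ethernet0/1
 switchport trunk allowed vlan 1,3
 switchport mode trunk
 no shutdown
! PoE ports for the two 1130AG access points, one per VLAN
interface Ethernet0/6
 switchport access vlan 3
 no shutdown
interface Ethernet0/7
 switchport access vlan 1
 no shutdown
!
! ---- Catalyst 2960G (port numbers are assumed) ----
vlan 3
 name BUSINESS
vlan 999
 name UNUSED-NATIVE
! Trunk to ASA Ethernet0/1: same allowed list, VLAN 1 tagged, DTP off
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 1,3
 switchport trunk native vlan 999
 switchport nonegotiate
! Access ports split between the two segments
interface range GigabitEthernet0/1 - 10
 switchport mode access
 switchport access vlan 1
interface range GigabitEthernet0/11 - 20
 switchport mode access
 switchport access vlan 3
```

Check the result with `show switch vlan` on the ASA and `show interfaces trunk` on the 2960G; the allowed-VLAN list should read 1,3 on both ends.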
