Cisco Equipmet - ASA5505, 1811 ISR, 2960, 1130AG WAPs.. How to put this all together????

I am currently receiving my High Speed Internet via Cable Modem through Mediacom. They do not offer a Static (they call it “sticky”) IP Address on residential accounts. I have acquired the following equipment so this is what I have to work with.

1 – Cisco 1811 Integrated Services Router
1 – Cisco ASA 5505 Adaptive Security Appliance
1 – Cisco Catalyst 2960G (20 + 4 10/100/1000MB)
2 – Cisco 1130AG Wireless Access Points

Due to port density limitations in place on the ASA5505 I have the 2960 available to me. However, I’m confused as to how I can utilize multiple VLANs on a separate switch.
If I have VLAN1 – Personal, VLAN2 – ISP, and VLAN3 – Business all configured on the ASA5055, but I want to have VLAN1 & VLAN3 split on the 2960 how do I go about this? I’m sure I will have to do 802.1q on some port(s), or can I create VLANs on ASA and run cross-over cable down to switch that is configured accordingly?

The ASA5505 also has two POE ports!! Can I assign each POE port to its own VLAN? If so, I would like to assign FastEthernet0/6 to VLAN3 and FastEthernet0/7 to VLAN1.  I would then connect a Cisco 1130AG WAP to each POE port. Is this possible?

I would then like to get DYNdns set up so I could create a L2L VPN Tunnel between VLAN3 and the corporate office. We run ASA 5520’s at Corporate so compatibility isn’t an issue. The biggest issue here is my limitations set forth by Mediacom not offering me a Static IP Address. Right?

I also have a couple game consoles (Xbox 360 & Wii) that don’t play well with Cisco NAT. I would like to put them out in a DMZ with full access to the Internet, but I’m not sure if this will work on the ASA appliance.  

All recommendations are greatly appreciated and I’m sure will be very helpful. Please feel free to ask questions, and I will do my best to answer them for you...

Thanks in advance…
huffakerceAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

batry_boyCommented:
You should be able to achieve most of that, but I have a question...what do you mean by "I want to have VLAN1 & VLAN3 split on the 2960"?

I will address your other questions in order:

"Can I assign each POE port to its own VLAN?"...yes

"I would like to assign FastEthernet0/6 to VLAN3 and FastEthernet0/7 to VLAN1.  I would then connect a Cisco 1130AG WAP to eachPOE port. Is this possible?"...yes

"I would then like to get DYNdns set up so I could create a L2L VPN Tunnel between VLAN3 and the corporate office. We run ASA 5520’s at Corporate so compatibility isn’t an issue. The biggest issue here is my limitations set forth by Mediacom not offering me a Static IP Address. Right?"
  ...yes, but not an insurmountable issue with the new 7.x code on the ASA.  It now includes support for Dynamic DNS...see the following URL for the command syntax:

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a008063f12c.html#wp1798702

"I would like to put them out in a DMZ with full access to the Internet, but I’m not sure if this will work on the ASA appliance."
  ...if you only have a single public IP address, then you will have to use NAT of some sort for your gaming devices to pass traffic to/from the Internet.  Do you mean that they don't do well with PAT or port forwarding?  The point being that whether you put your gaming devices in a "DMZ" or on another VLAN (inside, personal, whatever you want to call the network segment), you can configure the ASA to allow unrestricted bidirectional traffic flow to those devices, but they will still be subject to NAT if you only have a single public IP from your ISP.

Please let me know if I need to clarify further or explain about the VLAN's...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
huffakerceAuthor Commented:
Because I'm limited to the number of ports I can use on the ASA.. I would like to have VLAN1 and VLAN3 ports available on the 2960.. VLAN1 ports would be native to the switch and I would just have to segment any number of ports to VLAN3 right? I was wondering how I would get two seperate VLAN's down to the 2960 when it's coming from multiple ports on the ASA.. Does this make sense.. It's kinda funky because the ports on the ASA are switch ports.. So, say FastEthernet0/3 is VLAN1 on ASA and I use X-over to FastEthernet 0/21 on 2960 and allocate FastEthernet0/1-0/10 & FastEthernet0/21 to VLAN1. I then take a X-over cable from FastEthernet0/4 (ASA) to FastEthernet0/22 on 2960 and allocate all remaining ports to VLAN3..

Does this make any sense at all, or am I completely confused?
0
djohnson104Commented:
Trunking, you can carry mulitple vlans over a trunk(single cable) to the switch. I am not sure how they do it on an ASA but on Routers you need to configure subinterfaces on one port E0/0.1 and E0/0.2. Depending on how many vlans you need.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.