• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 506
  • Last Modified:

ASA5505 and Netgear WG103AP cant get working

Experts,

I'm struggling with this one.

I have a CISCO ASA 5505 with ASA 8.2 image.

I've setup a DMZ interface on Vlan10 on the ASA
Assigned Ports 6&7 to Vlan10
Interface IP 10.10.10.254
DHCP Scope active from ASA to DMZ Interface

Plugged in Netgear Wg103 and its gets an IP Address - Great!

Assign a static IP 10.10.10.253 to the Netgear AP and continue to setup Wireless SSID Profile.
Profile configured and assigned to Vlan10 via Netgear menus.

The problem is when I connect to the AP using my laptop I get limited or no connectivity.

But when I connect my laptop directly into port 6 or 7 on the ASA I get a DHCP address and out on the Internet.

What am I doing wrong?

Should I set the wireless profile to be on Vlan10? or should I leave it on Vlan1
I'm not doing any Vlan Trunking, this is a small office and I have plenty of spare ports on the ASA.

Any ideas?

Regards

Mike

0
mf_read
Asked:
mf_read
  • 3
  • 3
1 Solution
 
gavvingCommented:
What license feature do you have enabled on the 5505?  For full DMZ functionality you need the "Security Plus" license.  The output of "show version" will give us this information.  If you have the Base version, then you will not be able to configure the DMZ to be able to communicate to both the inside network and the outside network.  It will be able to communicate with one or the other, but not both.
0
 
mf_readAuthor Commented:
Thanks for the reply, we do have the full Advanced IP Security Plus device.
I think its a Vlan issue myself, but I'm not sure.
0
 
gavvingCommented:
If you've assigned VLAN 10 to the ASA ports and it shows it in the config like this:
"switchport access vlan 10"
Then it is sending the traffic out those ethernet ports untagged (i.e. vlan 1).  So you you should not configure the netgear AP to use any VLANs in that case.  It should be configured for VLAN 1 or no VLANs.

You might also confirm that the netgear AP works on another network with that configuration as well.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
mf_readAuthor Commented:
Thanks again for the reply, I think you are right, the AP need to be left on VLAN1.
I'll give that a try and let you know.
0
 
gavvingCommented:
Any update on whether that solved the problem or not?  Thanks.
0
 
mf_readAuthor Commented:
Sorry for the late response with this, I can say that I quite simply put the AP on VLAN1 and connected it to VLAN10 configured the switch port for Untagged on that Vlan and all is working well, Thanks again for your clarification.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now