Cisco ASA and Apple TV

Posted on 2014-08-19
Last Modified: 2014-10-10
I work in a campus environment. We have a Cisco ASA 5510 as our firewall. We also have a Cisco 5508 WLC for internal wireless clients. For our public WiFi and guest users, we have a secondary ISP connection from a different provider that they use that only provides them with Internet access ONLY. The secondary ISP does not touch my internal network at all. The goal was to provide guest WiFi access so that they could do whatever they want without impacting the school's bandwidth and business operations. So far this has worked flawlessly, until now...

Recently the school has purchased Apple TV and Crestron Air Media so that we can do device mirroring wirelessly for our users that have tablets and smart phones. This was only supposed to be for devices that purchased by the school. These devices are currently on the internal network and seem to work pretty well. Now, the administration wants folks who connect to the public and guest wifi to have access to the Apple TV and Crestron AirMedia.

My question is how do I allow in my ASA the public wifi users on the secondary ISP connection to connect to the Apple TV and Crestron device ONLY. I still want them on the secondary ISP connection, but allow them to mirror their tablets and smartphones if they enter a classroom. So far the only way i have found is to give the Apple TV and Crestron AirMedia public IP addresses and allow them to connect that way, but I am limited in the amount of available addresses so this is not a viable option. Please advise.
Question by:rweaver313
    LVL 28

    Expert Comment

    If you have a spare interface on your ASA, you can use it to create a new "GuestWiFi" security zone.  Then you create publishing rules, access lists, etc. that allow the WiFi users to access the services on your internal network.

    The other hurdle would be name resolution.  You will need to make sure that users on the WiFi connection can resolve the addresses correctly.

    Expert Comment

    by:Engelhard Labiro
    You may want to create a virtual firewall by using context command. One context is for your firewall into Seconday ISP, the other context is to allow access from Apple TV mirroring.
    The idea is to have a two virtual firewalls.

    Accepted Solution

    After upgrading the Apple TV to the latest iOS release and having iPhones and iPads on the latest iOS release, users are able to connect without being on any Wifi network.

    Author Comment

    I've requested that this question be closed as follows:

    Accepted answer: 0 points for rweaver313's comment #a40367486

    for the following reason:

    With their latest iOS relase, Apple provided a solution that allows connection to Apple TV without wifi connectivity.
    LVL 28

    Expert Comment

    The original solution provided was correct at the time the question was asked.  The author never provided any feedback.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    There is a security feature on iOS devices that is nearly impenetrable when it has been activated.  This article will provide some possible solutions as well as necessary steps to take to ensure you do not end up with a locked device.
    In this article we have discussed about the OS X EI Capitan and how to fix Wi-Fi issue in OS X El Capitan. We have explained how to delete system level preferences and create a new Wi-Fi location to resolve Wi-Fi issue.
    This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now