Cisco ASA and Apple TV

I work in a campus environment. We have a Cisco ASA 5510 as our firewall. We also have a Cisco 5508 WLC for internal wireless clients. For our public WiFi and guest users, we have a secondary ISP connection from a different provider that they use that only provides them with Internet access ONLY. The secondary ISP does not touch my internal network at all. The goal was to provide guest WiFi access so that they could do whatever they want without impacting the school's bandwidth and business operations. So far this has worked flawlessly, until now...

Recently the school has purchased Apple TV and Crestron Air Media so that we can do device mirroring wirelessly for our users that have tablets and smart phones. This was only supposed to be for devices that purchased by the school. These devices are currently on the internal network and seem to work pretty well. Now, the administration wants folks who connect to the public and guest wifi to have access to the Apple TV and Crestron AirMedia.

My question is how do I allow in my ASA the public wifi users on the secondary ISP connection to connect to the Apple TV and Crestron device ONLY. I still want them on the secondary ISP connection, but allow them to mirror their tablets and smartphones if they enter a classroom. So far the only way i have found is to give the Apple TV and Crestron AirMedia public IP addresses and allow them to connect that way, but I am limited in the amount of available addresses so this is not a viable option. Please advise.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If you have a spare interface on your ASA, you can use it to create a new "GuestWiFi" security zone.  Then you create publishing rules, access lists, etc. that allow the WiFi users to access the services on your internal network.

The other hurdle would be name resolution.  You will need to make sure that users on the WiFi connection can resolve the addresses correctly.
Engelhard LabiroSenior Network/Security EngineerCommented:
You may want to create a virtual firewall by using context command. One context is for your firewall into Seconday ISP, the other context is to allow access from Apple TV mirroring.
The idea is to have a two virtual firewalls.
rweaver313Author Commented:
After upgrading the Apple TV to the latest iOS release and having iPhones and iPads on the latest iOS release, users are able to connect without being on any Wifi network.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rweaver313Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for rweaver313's comment #a40367486

for the following reason:

With their latest iOS relase, Apple provided a solution that allows connection to Apple TV without wifi connectivity.
The original solution provided was correct at the time the question was asked.  The author never provided any feedback.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.