Frank Wulfers
asked on
Set up wireless network on Cisco ASA 5505 with DHCP
We have a Cisco ASA 5505 that we use for our wired LAN. The interfaces are currently configured to use switch port 0/0 for the outside and switch ports 0/1 through 0/7 for the 'inside' interface. We currently use only 1 switch port for the inside network that goes to our main LAN switch. Everything works fine for our local LAN.
I would like to set up a basic wireless network with a small hub and 3 WAPs. Instead of setting this up on our local LAN, I would like to connect this directly to the ASA 5505. I am not an expert in this setup but think this is what needs to be done.
- Free up 1 switch port from the 'inside' interface
- Add a new 'wireless' interface in Device Setup / Interfaces and use the available switch port
- In Device Management / DHCP / DHCP Server, enable for the new 'wireless' interface
- Set up address pool, use a public DNS server (like Google)
- Connect hub with 3 WAPs (with fixed IPs) and wireless devices should be able to get an IP and connect to the internet
Are there any additional steps or am I missing something? I just want to make sure I am not messing anything up for our wired LAN that does have its own Windows 2012 AD/DHCP/DNS server. We use ASDM 6.4 for the GUI.
ASKER
Well.. so much for that idea. It looks like our base license doesn't allow this. Not sure what kind of license we would need for this.
Error: This license does not allow configuring more than 2 interfaces with nameif and without a "no forward" command on this interface or on 1 interface(s) with nameif already configured.
Sorry I don't work in the ASDM, issue this command
no forward interface vlan 1
then try again :)
Pete
ASKER
Thanks for the info Pete. There was a setting in ASDM for that as well. After enabling that, it was possible to enable DHCP for that interface. However, I haven't been able to access the interface through that interface so it seems like I am missing a setting or an entry somewhere.
>>I haven't been able to access the interface through that interface
Sorry I don't understand?
P
ASKER
I don't understand what I wrote either. :) I meant "able to access the internet through that interface".
You probably just need a PAT statement
object network Obj-WirelessPAT
 subnet 0.0.0.0 0.0.0.0
 nat (wireless, outside) dynamic interface
What Pete said is exactly what I was getting at for the NAT (PAT in this case)
^^Agreed :)
ASKER
Thanks again guys, I will continue with this after the holidays and set it up as suggested.
ASKER
I followed this guide to add a PAT statement in the ASDM:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html
And... it worked! The new interface can now access the internet. I set up DHCP for that new interface, connected a wireless router and connected successfully with a smartphone. So it now all works as planned.
Thanks so much for everyone's assistance. As this was working with our live internet environment for our LAN, I had to double-check everything and be very careful in making changes. It wasn't all that difficult but many things aren't if you know exactly what you're doing. :) Thanks again!
ASKER
Is there a standard IP range to use for a wireless network or doesn't it matter?
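The steps worked out in this thread, collected into one ASA CLI sketch. This is an added example, not configuration posted by any participant. Assumed and not from the thread: Vlan1 is the existing 'inside' VLAN (as in Pete's command), Vlan3 and Ethernet0/7 are the new VLAN and the freed switch port, security level 50, and the constructed 192.168.50.0/24 range; the PAT object uses the same object NAT syntax as Pete's reply but is scoped to that subnet.

```cisco
! Third VLAN on a base-license ASA 5505: the license error quoted above
! goes away only if "no forward interface" is entered BEFORE nameif.
interface Vlan3
 no forward interface Vlan1
 nameif wireless
 ! Assumed level: below inside (100), above outside (0)
 security-level 50
 ! Constructed example range, not from the thread
 ip address 192.168.50.1 255.255.255.0
!
! Move the freed switch port (assumed Ethernet0/7) into the new VLAN
interface Ethernet0/7
 switchport access vlan 3
 no shutdown
!
! DHCP served by the ASA on the wireless interface only; the wired LAN
! keeps using its own Windows AD/DHCP/DNS server.
! The pool leaves the low addresses free for the fixed-IP WAPs.
dhcpd address 192.168.50.100-192.168.50.199 wireless
dhcpd dns 8.8.8.8 8.8.4.4 interface wireless
dhcpd enable wireless
!
! Dynamic PAT to the outside interface address, limited to the
! wireless subnet rather than 0.0.0.0 0.0.0.0
object network Obj-WirelessPAT
 subnet 192.168.50.0 255.255.255.0
 nat (wireless,outside) dynamic interface
!
! Checks after applying:
!   show switch vlan
!   show dhcpd binding
!   show nat detail
!   show xlate
```

With `no forward interface Vlan1` in place, hosts on the wireless VLAN cannot initiate connections to the inside VLAN, so wireless clients reach the internet through PAT but not the wired LAN and its AD server.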