Frank Wulfers asked:

Set up wireless network on Cisco ASA 5505 with DHCP

We have a Cisco ASA 5505 that we use for our wired LAN.  The interfaces are currently configured to use switch port 0/0 for the outside and switch ports 0/1 through 0/7 for the 'inside' interface.  We currently use only 1 switch port for the inside network that goes to our main LAN switch.  Everything works fine for our local LAN.

I would like to set up a basic wireless network with a small hub and 3 WAPs.  Instead of setting this up on our local LAN, I would like to connect this directly to the ASA 5505.  I am not an expert in this setup but think this is what needs to be done.

- Free up 1 switch port from the 'inside' interface
- Add a new 'wireless' interface in Device Setup / Interfaces and use the available switch port
- In Device Management / DHCP / DHCP Server, enable for the new 'wireless' interface
- Set up address pool, use a public DNS server (like Google)
- Connect hub with 3 WAPs (with fixed IPs) and wireless devices should be able to get an IP and connect to the internet

Are there any additional steps or am I missing something?  I just want to make sure I am not messing anything up for our wired LAN that does have its own Windows 2012 AD/DHCP/DNS server.  We use ASDM 6.4 for the GUI.
SOLUTION
Cheever000

ASKER

Thanks for the re-assurance Cheever.  Where is this base NAT statement set up?  Configuration > Firewall > NAT Rules ?

Is there a standard IP range to use for a wireless network or doesn't it matter?
Well..  so much for that idea.  It looks like our base license doesn't allow this.  Not sure what kind of license we would need for this.

Error: This license does not allow configuring more than 2 interfaces with nameif and without a "no forward" command on this interface or on 1 interface(s) with nameif already configured.

ASKER CERTIFIED SOLUTION
Pete Long
Sorry, I don't work in the ASDM. Issue this command:

no forward interface vlan 1

then try again :)

Pete
Thanks for the info Pete.  There was a setting in ASDM for that as well.  After enabling that, it was possible to enable DHCP for that interface.  However, I haven't been able to access the interface through that interface so it seems like I am missing a setting or an entry somewhere.
>>I haven't been able to access the interface through that interface

Sorry, I don't understand?

P
I don't understand what I wrote either. :)   I meant "able to access the internet through that interface".
You probably just need a PAT statement

object network Obj-WirelessPAT
 subnet 0.0.0.0 0.0.0.0
 nat (wireless,outside) dynamic interface
What Pete said is exactly what I was getting at for the NAT (PAT in this case)
^^Agreed :)
Thanks again guys, I will continue with this after the holidays and set it up as suggested.
I followed this guide to add a PAT statement in the ASDM:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html

And...   it worked!  The new interface can now access the internet.  I set up DHCP for that new interface,  connected a wireless router and connected successfully with a smartphone.  So it now all works as planned.

Thanks so much for everyone's assistance.  As this was working with our live internet environment for our LAN, I had to double-check everything and be very careful in making changes.  It wasn't all that difficult but many things aren't if you know exactly what you're doing. :)  Thanks again!
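
The steps worked out in this thread, consolidated as one ASA CLI sequence. This is an added example, not a configuration posted by any participant: VLAN 3, port Ethernet0/7, the 192.168.50.0/24 range and the DHCP pool are constructed values, and Vlan1 is assumed to be the 'inside' VLAN as in Pete's command.

```cisco
! Added example with constructed values (VLAN 3, Ethernet0/7, 192.168.50.0/24).
! Assumes Vlan1 is the existing 'inside' interface and Vlan2 is 'outside'.

! Third VLAN on a base license: "no forward" must be set before nameif,
! otherwise the license error quoted in the thread is returned.
interface Vlan3
 no forward interface Vlan1
 nameif wireless
 security-level 50
 ip address 192.168.50.1 255.255.255.0
!
! Move one freed switch port from the inside VLAN to the wireless VLAN.
interface Ethernet0/7
 switchport access vlan 3
 no shutdown
!
! DHCP served by the ASA on the wireless interface only; the wired LAN
! keeps using its own Windows AD/DHCP/DNS server.
dhcpd address 192.168.50.100-192.168.50.131 wireless
dhcpd dns 8.8.8.8 interface wireless
dhcpd enable wireless
!
! PAT for wireless clients, scoped to the wireless subnet instead of
! 0.0.0.0 0.0.0.0 so only that range is translated.
object network Obj-WirelessPAT
 subnet 192.168.50.0 255.255.255.0
 nat (wireless,outside) dynamic interface
!
! Checks after applying:
!   show switch vlan
!   show dhcpd binding
!   show xlate
```

With `no forward interface Vlan1` in place, hosts on the wireless VLAN cannot initiate connections to VLAN 1, which keeps wireless clients off the wired LAN while still letting them reach the internet through the outside interface.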