Cisco VPN :: How To Separate W-Fi And LAN With ASA 5505
Dec 12, 2012
We have CISCO ASA 5505 in our office , right now port 0 has configured for outside and port 1 for inside (I believe it is the default configurations) now for security reason I want to separate the Network traffic from inside (office LAN) and WIFI , I believe since i have 6 ports in vlan1 (inside) if I make the port which has the connecting to our switch and the port which i m going to connect to my wireless router (same vlan1) protected / isolated then this should work , but here is what is happening , the minute I save the configurations port 3 which is supposed to be my wifi port will lose its connection to the Internet.
i tried to make another vlan for wifi to separate the trafic from vlan1 , but I m not getting internet connection on that port which is been assigned to new vlan for wifi.
View 5 Replies
ADVERTISEMENT
May 7, 2012
1. I currently have a Comcast Business Class Gateway, Cisco 2100 Series WLAN Controller and a Cisco ASA 5505 all connected together to supply LAN and WLAN internet connections on my network.
2. I also have a Card Access Security System on it owns network. It currently does not have internet access.
I would like to put my security system on the internet so that I can support it remotely. To do this, it has to be on a firewalled internet connection.Can I put the two networks on my ASA 5505 and keep them seperate? I don't want to provide a path into the Security System through my current LAN & WLAN. But I do need a frewalled internet connection on my Security System. I am trying to avoid purchasing a seperate firewall.
View 1 Replies
View Related
May 12, 2013
I'm having trouble setting up a second IPSec VPN tunnel on my Cisco ASA 5505 to another office. I was able to setup the first one with no problem through the ASDM, but have not been able to get the second one up.The IPSec tunnel is connecting to a WRVS4400N router at the other office. I tried debugging crypto isakmp, and crypto ipsec, but I'm getting nothing. Below is the config. Does something look wrong on my end? I also attached a screenshot of the parameters setup on the remote router.
View 7 Replies
View Related
Mar 12, 2011
I have a ASA 5505 that I have been using for a while, but a new ISP is trying to configure my service so that the outside interface has to be configured as DHCP to receive a reserved IP address, and then they will route a separate, non-contiguous block of addresses to that address.
Essentially, they have a DHCP reservation for 1.2.3.4 for my ASA, and then they have 10.2.3.16/28 as a separate block routed to me.
Obviously, I can do my static NAT translations using outside as the address, but I cannot get the separate block of addresses to route through the ASA. Is there a way to do this and get them to work? My ASA is running 7.2(2)
View 3 Replies
View Related
May 25, 2011
I have an ASA 5505 with the security plus software and I'm trying to find out how to assign 2 public IPs to the outside interface and have each IP routed to a separate internal VLAN. For example, IP 1 = X.X.X.1 routed to 192.168.1.0 and IP 2 X.X.X.2 routed to 192.168.2.0. I was told this was possible and I've been trying to find configuration examples, but I can't seem to get anywhere and now I'm getting desperate because I'm scheduled to install it this weekend.
View 1 Replies
View Related
Jan 16, 2013
My fiance recently signed up for the Screen-wise Panel for Google research. Basically they monitor your TV usage and your internet usage. As part of the program they installed a Cisco WIFI router. I've got no issue with them logging the sites visited etc but I'm a little worried about them possible collecting private information (banking / work related stuff) that I don't want going out there. According to what I've read what's supposed to happen is they replace your router with the new Cisco router.The "technician" who came in and installed the router was actually a builder and not an IT technician and rather than replace our router he connected the Cisco router into port 4 of our router... I wasn't in at the time.
What I was looking to do is separate Port 4 of my router into a separate VLAN that can access the internet, but not access anything on ports 1-3, or the wireless. However, I want to be able to see everything on port 4 from the other side (in other words I want to see "into" the port 4 VLAN, but don't want them to see out). I also wanted DHCP to assign IP addresses correctly depending on where you were plugged in. In this example the first VLAN (your current router ip address) is going to be on 192.168.1.1, and the second VLAN (the new on we create on port 4) is going to be on 192.168.2.1.This is exactly what I'm looking to do, I could then connect the kids machines / tablets / ipods to the Cisco router and have the main machine and my work laptop on the main router... but I don't have a clue how to do it. </quote> Is this something that I am able to do with the Netgear router I own and is it hard to set up?
View 1 Replies
View Related
May 1, 2011
I have 2 PCs at home. Lets name one of them as PC 1 which has two onboard LAN Ports. Now, PC1 has to connect to PC 2, just a home network for easy transfer on files and stuff, and it also has to connect to the internet via a network. The problem is both of them use static ip and when I tried configuring PC 1, it allows only one of the connections to remain active. I simply get an error otherwise saying "Multiple Gateways" will cause conflict and I will be stuck with only one connection. After much study I "somehow" connected both. I vaguely remember using the "route" command in cmd to achieve this. But now, I am getting an error when I try to access PC 2. My Internet is working fine.I am not network savvy at all. run both these connections from PC 1. I should add that I can in no way modify/change/or do anything else to my internet network since it is out of my control. I can do anything, however, for my Home Lan with PC 2. I run windows 7. Both the connections are wired, by the way.
View 2 Replies
View Related
Dec 12, 2011
What I am looking to do is separate my lan traffic from my wan traffic. The amount of Lan traffic is slowing my Internet connection. The media server is the host of all my music and movies and photos and well just about everything, Some of the files are excessivly large and just kill the throughput for the other machines. I'm wondering if it's possible to put 2 NICS in each machine and have all file transfers on one subnet and all internet activities on another. I have heard it's possible to put multiple addies on a single nic but doesn't this defeat the purpose of thru put?
Network 1 - one line diagram
Internet
Cable modem
Router/wifi
Switch 1
6 PC's 1 Media/file/print server.
All pc's and wifi use this to access internet, and all outside connections like remote desktop.
Network 2 - one line diagram
Switch 2
6 PC's, 1 Media/file/print server.
All pc's use this to stream audio and video from the media server as well as print functions and file storage.I have most of the hardware already except the additional nics for each machine. so if it's not feasible I'll not waste the extra monies.
View 5 Replies
View Related
Nov 5, 2012
I'm trying to separate my management traffic from regular traffic by splitting the management and "outside" interface to separate vlans but I'm hitting a routing issue. Say I have have a management network of 192.168.1.0 255.255.255.0 running across vlan 1 and I want to use 192.168.2.0 255.255.255.0 running across vlan 2 for the outside interface to send all the other traffic excluding the management traffic across. Tag both vlans on the external interface, say Eth0/0 Default route of route outside 0.0.0.0 0.0.0.0 192.168.2.1, With this, you can not hit the management interface because there is no route defined for the 192.168.1.0 network. However of course if you try to set one, you'll get the "connected route exists" error. How can I set the default route or gateway of the 192.168.1.0 network on the ASA. Switches just don't complain like the ASA does.
View 8 Replies
View Related
May 22, 2012
Our VMware guys want to use shared networking infrastructure to create a DMZ on a network.
[ASA (subif;VLAN 4)] <-trunk-> [DMZ Switch] <-trunk-> [LAN Core Switch] <-trunk-> [ESX vSwitch] <-VLAN 4-> [VM]
The DMZ Switch does not participate in VTP with the LAN but will have a VLAN ID created (same VLAN ID used from VM to ASA) No vlan interface will be created for the vlan
Is this a bad idea from a security or otherwise point of view? i.e. Best practices that should be followed here? Should I configure the link between the LAN Core Switch and DMZ switch as access ports so the port on each switch is forced to be on one specific vlan? I was going to use allowed vlans command to limit the vlans that can pass on it and possibly vtp pruning for all vlans.
View 2 Replies
View Related
Sep 2, 2012
is it possible to have the ASA connected to two ISP's and use the one ISP connection for Client/S2S VPN and Internet Access and the second ISP connection just for the WebVPN Traffic? How would you manage the Routing, as the default route is pointing to the first connection or is that not an issue here?
View 6 Replies
View Related
Nov 2, 2011
I am planning the following network setup.Get a server with 2 NICs, a router and a switch ,1st NIC is connected to Internet2nd NIC is connected to a router,A router is connected to a switch,All the client workstation are connected to Switch to access the server.I believe with this setup all my client workstations can browse the internet on their local machine via server.
View 11 Replies
View Related
Jun 22, 2011
Me and my girl friend both work from home doing freelance work using the internet. The company we do freelance work for allows one agent per ip address and checks the ip address for multiple agents I guess.I only have one modem, router, and two computers, but I believe they are on the same ip address.Is there a way to have two different ip addresses so we wouldn't have any issues with our work here?
View 19 Replies
View Related
Oct 28, 2011
I have 2 wireless devices. The first is the modem itself and the wireless is setup on that with WPA and all that fun stuff. The second one is a wireless access point. I would like to have a WiFi that can access ONLY the internet. I don't want it to be able to access the local network at all. Is this possible?
View 1 Replies
View Related
Feb 5, 2012
I would like to set up two separate networks from one internet connection(modem), with the goal being to have a public network(Network A) that would have a small server on it, and then having a second secured network(Network B) that would have my personal computers on it. And both networks having connection to the internet. (The idea being that if the server somehow became compromised that my personal computers and their data would be safe)I have done some research and found that many people claim this can be done with just two or three routers, but none of them go into any detail about how to configure the routers. Below are the physical setups of the two options that I have come up with in my research, which if either would you recommend? And how would I configure each of the routers?
--------------
Modem/router 1 (Network A public)
--Internet-in WAN port
--port 1 to WAN of router 2-------------l
--port 2 server
[code]...
View 2 Replies
View Related
Mar 27, 2013
i have computer A with 2 NICs.... NIC 1 has ip 192.168.x.x which has access to internet and NIC 2 10.0.x.x which as access to server files and other docs....i have computer B with ip 192.168.x.x but want to be able to access 10.0.x.x using computer A as a router is this possible and how do i go about doing that. i was thinking about bridging NIC 1 and NIC 2 adding static route on computer A and adding a second ip 10.0.x.x to computer B NIC (i know it is possible to add 2 ips on one NIC in windows) so i can have access to the file server...is what i mention possible
View 1 Replies
View Related
Sep 12, 2012
I have two subnets at my home and both run through my Cisco router. One is my private LAN with access to the Internet, ie your standard home network. The other is a semi-public network that I share with friends through an encrypted GRE tunnel system(DMVPN) over the Internet. I have a server on that semi-public network and I can access my friend's servers from my server, but not from my main PC on my private network.
Is there a way I can access both networks from only my main pc using two nic's?
View 7 Replies
View Related
Mar 29, 2012
how I can setup two separate networks on a Westell 327w modem/router. I know this question has been asked to death and I've utilized the search function, but I still don't know how to make this work. I have a computer that I plan on using for important business and my sibiling has my other computer that he uses for gaming and downloading stuff. His computer is connected wirelessly to the Westell 327w. My computer has no internet access at this point. I would like to have both connected wirelessly to the internet, but keep them completely separate and as secure as possible, as he downloads some questionable things.
View 1 Replies
View Related
May 19, 2011
Sometimes I need to administer the server, but always need to VPN. Can RDP be active while a separate VPN is active?
View 3 Replies
View Related
Oct 9, 2012
How to get wireless to a separate location from the house.I have the virgin media home hub in the house and I have a cabin out the back roughly 20m away which I require wireless to run in...i need the wireless for a ps3, mac mini, mac-book, ipad and other little wireless gadgets.I have tried using the devolo dLan 200 AV wireless n starter kit with very limited success. short of actually running an Ethernet cable along the ground and using an Ethernet switch is there anything else i can do? or are there better products with a bigger/better range than the devolo that would do the job?
View 1 Replies
View Related
Sep 22, 2011
We are on AOL Broadband and we have a Fujitsu Laptop and a Dell Notebook. Had to contact AOL by phone as we had lost our connection. Now the Laptop works but the Dell Notebook is not online.
View 1 Replies
View Related
Jun 22, 2012
I don't sound like a complete noob but anyway here it goes....I have a small business and work on my network myself. I am a novice but do enjoy the challenge. What I have in the closet is Comcast Business Class cable into a SMC 8014 router/ gateway with 4 lan ports. One of the ports goes into a ethernet switch and then those are fed into the panel for the corresponding 7 offices. The other lan port I connected a netgear n750 wireless router The Lan network is on a separate network form the wireless network because I set the Netgear n750 Wireless Router's DHCP server to on. I did this to keep people off of the local network. We have meetings with as many as 30 members and they use the wireless in varying degrees with no problems thus far. My problem now is that I think I have set it up wrong because I need to connect to my network printers and work-group computers with my wireless laptop ....problem is they are on different networks or subnets. They all have the same public IP of course but 2 seperate DHCP private networks...Is the term "different subnets"???
What I am looking to do is change the Router to an Access point or whatever works....... that grants access to the internet only for visiting members and........ Wireless access to my lan and internet for my laptop's Would making the Wireless Router an Access Point by turning off the DHCP sever and creating guest accounts be the right choice. Or is there a way to connect to my LAN through the wireless network without making this change.
View 5 Replies
View Related
Aug 30, 2011
I have a Netgear media player that I need to keep separate from my LAN. I have a switch that's connected to WAN and from the switch to dir-655 and the Netgem box. So I have two IP:s and the Netgems traffic is not going through the router at all.Now I'm short of LAN ports and I bought an eight port switch. However I only have room for keeping two devices at the space they are at. So I need to get rid of the old switch and somehow manage the network(s) with dir-655 and the new switch.The way I see it, I should connect WAN to dir-655 and from there to the switch and connect the Netgem box to router. But how can I configure dir-655 so that the Netgem is not on LAN with other devices?
View 6 Replies
View Related
Jan 23, 2011
I have two networks with two different external IP address, of course I have two routers where separate PCs are connected.
My question is if is possible to run with the adapter like DHP-342 or DHP 200 this two LANs over power without conflict?
View 1 Replies
View Related
Nov 1, 2011
I'm setting up two separate 5510's at two seperate locations. The client wants two seperate SSL-VPN's; one for the HQ and one for the COLO location. They have a single domain for which I have added a-records to point to the corrosponding ASA's thusly: [code]
My questions is this: do i need to buy seperate certificates for each ASA/fqdn/IP combo? I'm using godaddy to buy the certs. If I do need to buy seperate certs, that makes the installation easier, but may waste $$. If I only need to buy one cert, how do I set it up so that both combo's are verified?
View 2 Replies
View Related
Mar 6, 2012
<RouterA1>-Network2-<RouterA2>-AS65100-<RouterB1>-Network1-<RouterB2>
| |
| AS65101 |
<Router1>--------------------Network3----------------------<Router2>
Routers A1,A2,B1,B2 are in AS 65100
Routers 1 and 2 are in AS 65101
Routes from the network2 to network3 should go through RouterA1-Router1
Routes from the network1 to network3 should go through RouterB2-Router2
As for now all routes within AS 65100 to AS 65101 goes through RouterB2/Router2
View 3 Replies
View Related
Jan 12, 2011
Basically I am trying to do a bit of a clean up at work and replacing two dlink (home style) ADSL modems with a single Cisco 2901 router with 2 ADSL HWICs. On top of this I want to isolate the 2 connections from each other, that is I don't want to use them as fail-over or anything just as 2 seperate connections. To do this I am using VRF tunnels.So far I have been successful in the global config of the switch and everything works. And when I put the lan, atm and dialer interface into my VRF it connects up all fine.My issue that I am having is that DNS (which is being pulled from the ISP via ppp ipcp dns) seems to just populate the global dns view, not the view I created for the VRF. This results in DNS queries not being able to be resolved but all other traffic is fine (i.e. I can ping and access anything on the net, I just can't resolve names).
If I have 2 ADSL connections, on two VRF tunnels, how can I seperate their DNS information for each connection/VRF tunnel? especially if that information is different as they overwrite the global DNS config each time they connect.... I could (and have successfully tested) statically assigning DNS servers to each DNS view but I would rather rely on each ISP sending their DNS servers as opposed to me hard coding them.
View 2 Replies
View Related
Dec 28, 2011
Our bank is required to do disaster recovery testing. We are doing this offsite at one of our director's businesses. His setup is as follows: His ISP is Time Warner which provided him with a wall unit and a switch He has a Cisco 1841 router out from the Time Warner switch and then down to his internal network, so TW wall unit --> TW switch --> Cisco 1841 --> internal network.The IPs provided to them from TW are 74.219.xxx.1-254 We are trying to use the external address of 74.219.xxx.222, which his business is not currently using internally The Cisco 1841 router holds and NATs all of these addresses currently. We have a Cisco 800 series that is a dedicated router that needs an unused external static IP setup separate from their network. We were trying to plug into their Cisco 1841 and give the 800 series an internal address of 192.168.xxx.222. This will not work for our bank's core processing data center. It has to be out of the TW switch and have an address of the 74.219.xxx.222.
We tried plugging into the TW switch and making the 800 series router parallel to the 1841 router. Communication is not functioning when set up this way. This was tried on a laptop before using the 800 series router. Is there a way to pass through the 74.219.xxx.222 address internally through the Cisco 1841 so we can connect the 800 series directly to this address and the 1841 doesn't use or NAT it in any way?
We had contacted TW support and they made it sound like we would have to block out some addresses and resubnet our director's network. This probably will not be an option. Basically we need to pass the 74.219.xxx.222 addresses internally and have the Cisco 1841 pretend not to see it at all.So we would like to have 74.219.xxx.1-254 into the TW wall unit --> TW switch --> Cisco 1841 --> all 74. addresses resolved to 192.168.xxx.1-254 to internal EXCEPT 74.219.xxx.222 which would pass through to the Cisco 800 series router.
View 2 Replies
View Related
Mar 5, 2012
I'm looking for some input on RRM. I personally have NOT used it in a LONG TIME, since probably the 4.0 days and then very shortly due to massive issues it was causing and admittedly, in part due to my ignorance at the time. So, every since that point, I have always set all my channels and power manually but now feel I am getting to some points where RRM may be required / beneficial. So, I've invested some time and have begun researching and trying to get the ends and outs on it but I'm forseeing a potential issue in myworld anyways and am hoping for some clarification. Lets take the below example:
-WLC5508a and b - (2 100ap license controllers) - these hold the majority of the AP's for the main hospital.Lets say, 140AP's.
-WLC5508c and d - (1 100ap and 1 50ap licensed controllers) - These tend to hold our smaller sites and and buildings, not all connected and some a few miles from each other
-WLC4402a and b - (failover ready)
So, with RRM, I can set setting it up on the 5508A/B with out issue as this is one big large building. However,what about C and D? I suppose I can make them a separate RF Group, but how would RRM respond when it has16 AP's in Building X and then 3 AP's in Building Y 30 AP's in Building Z and sporadic buildings with 1's and 2's? Everything I've read so far, leads me to believe if these devices are separated it probably won't be an issue, however, I just don't want something causing a change in Building Z and Building X be affected because RRM decided it would try to fix it. My point is, I can't afford to have a separate RF Group (meaning separate controllers) for every location.
View 1 Replies
View Related
Sep 12, 2011
I have made a seperate VRF for management.But have a strange problem with a Cisco 3750 and a Cisco 3550.When I added these to the VRF, I can not reach them on tools like Network Assistant and web interface.Telnet works, no problems there.And there is no ACLs on the device restricting this.
View 6 Replies
View Related
Jun 8, 2011
i need to use two LAN connections one of INTERNET and one of internal server
View 1 Replies
View Related
Apr 26, 2011
I have two separate network with their own internet access as shown below I want to keep all setting of the left network unchanged. I can change the IPs and setting of the right side network.I want to be able to access all devices of the two network from my computer but in the same time the two network work as usual with no problems ( the same when they are sperate).One option is to set the LAN of modem 2 to 192.168.2.2 and connect one of the LAN port to LAN port of the Mkrotik router. Set the WAN of my private home router as
IP: 192.168.2.100
subnet mask: 255.255.255.0
gateway: 192.168.2.2
Home router LAN: 192.168.3.1
Is their another method to connect the two network and keep the same setting for the network on the left side?
View 2 Replies
View Related
Jan 27, 2012
I'm having a problem viewing devices on my home network. To better explain I created this diagram of my Home Network below.I have a Cisco VPN Router and connected to that I have a Netgear WRN 1000v2 Router & Linksys WRT54G2v1 Router. I used to have my home network connected to only one router and I was able to see and connected to other devices. Now my networks are separated, I think it has something to do with subnet masking and the IP addresses on the routers.
View 6 Replies
View Related
