ASA 5505 DMZ for wireless internet access

Hi,

We have a ASA setup in my office.

Internet->ASA->Inside network

we are using ASA 5505 Device for VPN and internet access.I need to configure one wireless router in DMZ for visitors internet access (we need to restrict outsiders to inside network). Is it possible ? If yes ,please help me.


Thanks
Renjith

No Answer?....

Hi,

if I understand well, you want to provide an Internet access to visitors configuring a wireless router in the DMZ of your ASA but you don't want these wireless clients to access your inside network ?

If you have the base license (not Security Plus one), you have nothing to do because this license just allow two Vlan and a third, restricted (dmz). If you put your wireless router on that Vlan, this Vlan cannot initiate traffic to the inside interface. Here is an example (Vlan1 is the inside):
[code:1]interface Vlan21
no forward interface Vlan1
nameif DMZ
security-level 50
ip address 172.16.0.1 255.255.255.0[/code:1]

I don't know if you can use the "no forward" with the Security Plus license ...

Hope it will help

Yes i have configured like this

interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 10.10.55.5 255.255.255.0

But i am not able to access internet through DMZ port .I have tried to connect one machine to this port and tried internet from that machine..but no luck ....any configuration is required for internet access through DMZ. All other vlans are working fine.

Thanks
Renjith

Did you use PAT for your DMZ to access the Internet ?

[code:1]global (WAN) 1 interface
nat (LAN) 1 <lan_subnet> <lan_netmask>
nat (dmz) 1 10.10.55.0 255.255.255.0 [/code:1]

The third line will translate all your dmz hosts ip addresses to the WAN interface one. The same is enable by default for the inside/LAN interface (so you should already have line 1 and 2).

Great...Its really a wonderful help.Its worked for me.

Thank you for ur help.

Renjith