DMZ setup on ASA 5505 for WAP

Status
Not open for further replies.

edbisw

MIS
Jun 3, 2008
47
I have a WAP hanging off Eth 7 (a PoE port, which the Netgear WAP supports) and want to DMZ this port.

But I also do NOT want the internal LAN (10.x.x.x network) to reach it at all. The WAP will be on 192.168.1.x and run DHCP. This is for guest access, so I don't want them seeing the 10.x.x.x network at all.

What I have so far is:
----
interface vlan 10
nameif dmz
security-level 50
ip address 192.168.1.10 255.255.255.0
no shutdown

int e0/7
switchport access vlan 10
----

But I saw "switchport protected" and thought I just needed that to block access; however, the VLAN is 1 for the 10.x.x.x network and I understand that command only works if they are on the same VLAN.

Do I just use ACLs to block the traffic between the VLANs?

-Ed
 
Figured it out...

Under int vlan 10, you do this:

no forward interface vlan1

Where vlan 1 is the other inside/corporate network.

All good now!

-Ed
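
As an added example (not part of the original posts), a small Python check that reads a saved ASA 5505 configuration and confirms the `no forward interface` restriction described above is present on the guest VLAN. The sample configuration is constructed from the thread's commands; the inside VLAN's name and address and the function names are assumptions.

```python
import re

# Constructed sample built from the thread's commands; the inside VLAN's
# name and address (10.0.0.1) are assumptions, the thread only says 10.x.x.x.
SAMPLE = """\
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface Vlan10
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 192.168.1.10 255.255.255.0
interface Ethernet0/7
 switchport access vlan 10
"""

def parse_vlans(config):
    """Map VLAN id -> nameif, security level, 'no forward' targets, ports."""
    vlans, section = {}, None  # section is ("vlan", id) or ("port", name)
    def entry(vid):
        return vlans.setdefault(vid, {"nameif": None, "level": None,
                                      "no_forward": set(), "ports": []})
    for raw in config.splitlines():
        line = raw.strip().lower()
        if m := re.fullmatch(r"int(?:erface)?\s+vlan\s*(\d+)", line):
            section = ("vlan", int(m[1]))
            entry(section[1])
        elif m := re.fullmatch(r"int(?:erface)?\s+(\S+)", line):
            section = ("port", m[1])
        elif section and section[0] == "port":
            if m := re.fullmatch(r"switchport access vlan\s+(\d+)", line):
                entry(int(m[1]))["ports"].append(section[1])
        elif section and section[0] == "vlan":
            v = entry(section[1])
            if m := re.fullmatch(r"no forward interface vlan\s*(\d+)", line):
                v["no_forward"].add(int(m[1]))
            elif m := re.fullmatch(r"nameif\s+(\S+)", line):
                v["nameif"] = m[1]
            elif m := re.fullmatch(r"security-level\s+(\d+)", line):
                v["level"] = int(m[1])
    return vlans

def forward_blocked(config, src_vlan, dst_vlan):
    """True if src_vlan carries 'no forward interface' toward dst_vlan.
    The command only limits src_vlan from initiating contact to dst_vlan."""
    blocked = parse_vlans(config).get(src_vlan, {}).get("no_forward", set())
    return dst_vlan in blocked
```

Calling `forward_blocked(SAMPLE, 10, 1)` checks the guest-to-corporate direction; the reverse direction is governed by security levels and ACLs, which this check does not evaluate.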
 