Cisco ASA Guest Wireless Configuration

This is a simple template for configuring an ASA device running the asa821-k8.bin image. Interfaces: Ethernet0/0 is connected to a DSL modem, which hands out DHCP addresses. Ethernet0/1 is the management interface for this device. Ethernet0/2 is a trunk interface to a Cisco wireless controller. The guest wireless network is

February 16, 2012

hostname %{Hostname}%
enable password %{Enable_secret}%
passwd %{Admin_password}%
interface Vlan1
 description Guest WLAN
 no shut
 nameif GUEST-WLAN
 security-level 50
 ip address

interface Vlan2
 description Outside Vlan
 no shut
 nameif outside
 security-level 0
 ip address dhcp setroute

interface Vlan100
 description Management Vlan
 no forward interface Vlan1
 no shut
 nameif MGMT_IF
 security-level 100
 ip address %{Management_ip}% %{Management_subnetmask}%
interface Ethernet0/0
 no shut
 description DSL Modem
 switchport access vlan 2
interface Ethernet0/1
 description Management
 no shut
 switchport access vlan 100
 switchport protected
 speed 100
 duplex full
interface Ethernet0/2
 description To Wireless controller
 no shut
 speed 100
 duplex full
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
pager lines 24
logging asdm informational
mtu GUEST-WLAN 1500
mtu outside 1500
mtu MGMT_IF 1500
ip verify reverse-path interface outside
ip verify reverse-path interface MGMT_IF
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (GUEST-WLAN) 1
access-group MGMT-IN in interface MGMT_IF
route MGMT_IF %{Management_gateway}%
dynamic-access-policy-record DfltAccessPolicy
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
dhcpd auto_config outside

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server %{NTP_Server}%
username admin password %{Admin_password}%
 match default-inspection-traffic
policy-map type inspect dns DNS-INSPECT
  message-length maximum 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect esmtp
  inspect dns DNS-INSPECT
  inspect icmp
service-policy APP-INSPECT-POLICY interface outside
prompt hostname context

copy run start
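
An added example, not part of the original template and not Cisco tooling: a small Python lint pass to run over a rendered copy of a template like this one before it is pasted into a device. It reports unfilled `%{...}%` placeholders, commands left without arguments, interface names that do not match a `nameif`, and `access-group` references to an access-list that is never defined. The sample input is constructed, its addresses are documentation-range assumptions, and exact-case name matching is a lint choice made here.

```python
import re

# Constructed sample: lines shaped like the template above, with some
# placeholders filled using documentation addresses (assumptions).
SAMPLE = """\
interface Vlan1
 nameif GUEST-WLAN
 ip address
interface Vlan100
 nameif MGMT_IF
 ip address 192.0.2.10 255.255.255.0
mtu Guest-WLAN 1500
mtu MGMT_IF 1500
nat (GUEST-WLAN) 1
access-group MGMT-IN in interface MGMT_IF
route MGMT_IF 192.0.2.1
enable password %{Enable_secret}%
"""

# Commands that refer to an interface by name; group 1 captures the name.
IF_REFS = [re.compile(p) for p in (
    r"^mtu (\S+)", r"^(?:nat|global) \((\S+)\)", r"^route (\S+)",
    r"^ip verify reverse-path interface (\S+)",
    r"^(?:access-group|service-policy) .*\binterface (\S+)")]

def lint_asa(config):
    """Return (line_number, message) findings for a rendered ASA 8.2-style config."""
    lines = [l.strip() for l in config.splitlines()]
    # Exact-case comparison is a choice made for this lint, so casing drift is reported too.
    nameifs = {l.split()[1] for l in lines if l.startswith("nameif ")}
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    findings = []
    for n, l in enumerate(lines, 1):
        for m in re.finditer(r"%\{(\w+)\}%", l):
            findings.append((n, f"unfilled placeholder {m.group(1)}"))
        for rx in IF_REFS:
            m = rx.match(l)
            if m and m.group(1) not in nameifs:
                findings.append((n, f"interface name {m.group(1)} does not exactly match a nameif"))
        m = re.match(r"^access-group (\S+)", l)
        if m and m.group(1) not in acls:
            findings.append((n, f"access-group references undefined access-list {m.group(1)}"))
        if l == "ip address":
            findings.append((n, "ip address has no address or dhcp keyword"))
        if re.fullmatch(r"nat \(\S+\) \d+", l):
            findings.append((n, "nat rule has no source network"))
        if l.startswith("route ") and len(l.split()) < 5:
            findings.append((n, "route needs interface, network, mask and gateway"))
    return findings
```

Calling `lint_asa(SAMPLE)` returns one finding per problem line; an empty list means none of these checks fired, not that the configuration is otherwise reviewed.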