Cisco ASA Guest Wireless Configuration

This is a simple template for configuring an ASA device running asa821-k8.bin code. Interfaces: Ethernet0/0 is connected to a DSL modem, which hands out DHCP addresses. Ethernet0/1 is the management interface for this device. Ethernet0/2 is a trunk interface to a Cisco wireless controller. The guest wireless network is 192.168.10.0/24.

akonkol
February 16, 2012







hostname %{Hostname}%
enable password %{Enable_secret}%
passwd %{Admin_password}%
names
!
interface Vlan1
 description Guest WLAN
 no shut
 nameif GUEST-WLAN
 security-level 50
 ip address 192.168.10.1 255.255.255.0

!
interface Vlan2
 description Outside Vlan
 no shut
 nameif outside
 security-level 0
 ip address dhcp setroute

!
interface Vlan100
 description Management Vlan
 no forward interface Vlan1
 no shut
 management-only
 nameif MGMT_IF
 security-level 100
 ip address %{Management_ip}% %{Management_subnetmask}%
!
interface Ethernet0/0
 no shut
 description DSL Modem
 switchport access vlan 2
!
interface Ethernet0/1
 description Management
 no shut
 switchport access vlan 100
 switchport protected
 speed 100
 duplex full
!
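! This template sets no switchport access or trunk command on Ethernet0/2, so the port keeps its default VLAN assignment
interface Ethernet0/2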
 description To Wireless controller
 no shut
 speed 100
 duplex full
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
pager lines 24
logging asdm informational
mtu GUEST-WLAN 1500
mtu outside 1500
mtu MGMT_IF 1500
ip verify reverse-path interface outside
ip verify reverse-path interface MGMT_IF
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (GUEST-WLAN) 1 192.168.10.0 255.255.255.0
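! access-list MGMT-IN is not defined anywhere in this template; define it before the next line is applied
access-group MGMT-IN in interface MGMT_IF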
route MGMT_IF 10.0.0.0 255.0.0.0 %{Management_gateway}%
dynamic-access-policy-record DfltAccessPolicy
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
dhcpd auto_config outside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server %{NTP_Server}%
webvpn
username admin password %{Admin_password}%
!
class-map APP-INSPECTION
 match default-inspection-traffic
!
!
policy-map type inspect dns DNS-INSPECT
 parameters
  message-length maximum 512
policy-map APP-INSPECT-POLICY
 class APP-INSPECTION
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect esmtp
  inspect dns DNS-INSPECT
  inspect icmp
!
service-policy APP-INSPECT-POLICY interface outside
prompt hostname context
end

copy run start
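
A pre-deployment check for this template, added here as an example (it is not part of the original template): it fills the %{Name}% placeholders and flags interface names and access-lists that are referenced but never defined. The function names and the mismatched last line of SAMPLE are constructed for illustration, and interface names are assumed to compare case-insensitively.

```python
import re

PLACEHOLDER = re.compile(r"%\{(\w+)\}%")
# Commands used in this template that take a nameif name, and where it sits.
IF_REFS = [re.compile(p) for p in (
    r"^mtu (\S+)", r"^route (\S+)", r"^dhcpd auto_config (\S+)",
    r"^(?:nat|global) \((\S+)\)",
    r"\binterface (?!Vlan|Ethernet)(\S+)$",  # access-group, service-policy, ip verify
)]

def render(template, values):
    """Fill %{Name}% placeholders; refuse to render if any value is missing."""
    missing = sorted(set(PLACEHOLDER.findall(template)) - set(values))
    if missing:
        raise KeyError("no value for: " + ", ".join(missing))
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)

def lint(config):
    """Return (line_no, message) for names referenced but never defined."""
    lines = [l.strip() for l in config.splitlines()]
    # Assumption: nameif names are compared case-insensitively.
    nameifs = {l.split()[1].lower() for l in lines if l.startswith("nameif ")}
    acls = {l.split()[1] for l in lines if l.startswith("access-list ")}
    findings = []
    for no, line in enumerate(lines, 1):
        m = re.match(r"access-group (\S+) ", line)
        if m and m.group(1) not in acls:
            findings.append((no, "undefined access-list " + m.group(1)))
        for pat in IF_REFS:
            m = pat.search(line)
            if m and m.group(1).lower() not in nameifs:
                findings.append((no, "unknown interface name " + m.group(1)))
    return findings

# Constructed excerpt of the template above; the last line is deliberately wrong.
SAMPLE = """\
hostname %{Hostname}%
interface Vlan1
 nameif GUEST-WLAN
interface Vlan100
 no forward interface Vlan1
 nameif MGMT_IF
mtu Guest-WLAN 1500
ip verify reverse-path interface MGMT_IF
nat (GUEST-WLAN) 1 192.168.10.0 255.255.255.0
access-group MGMT-IN in interface MGMT_IF
route MGMT_IF 10.0.0.0 255.0.0.0 %{Management_gateway}%
service-policy APP-INSPECT-POLICY interface inside
"""
```

Run lint() on the rendered text before pasting it into the device; an empty list means every checked reference resolves.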
