Question : VLAN support for ASA 5505

I am looking to set up a wireless network for someone. I will be setting up some access points with 2 SSIDs one for a public network and another for a private. I am looking at an ASA 5505 to be used as the firewall/router. I once used one with the basic package and I know that it is limited to 3 VLANs but the third VLAN is limited to only contacting one of the other VLANs.

Now I would think that this would mean that it will work for my application. I only need the public wireless VLAN to contact the outside interface, and then the private VLAN will be able to access the outside interface as well. Does this sound correct?

Answer : VLAN support for ASA 5505

yes this will work with a basic license.  You will have a no forward.

Attach is part of the code for an ASA and the code for a Cisco 521 AP


1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:

ASA Version 8.0(4)
!
hostname FW

names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.xxx.xxx.10 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.0
!
interface Vlan5
 no forward interface Vlan1
 nameif Public
 security-level 50
 ip address 172.30.20.10 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
 switchport access vlan 5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa804-k8.bin
ftp mode passive
access-list NoNAT extended permit ip 10.xxx.xxx.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list NoNAT extended permit ip 10.xxx.xxx.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list NoNAT extended permit ip 10.xxx.xxx.0 255.255.255.0 172.20.10.0 255.255.255.0
access-list SPLIT standard permit 10.xxx.xxx.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu Public 1500
ip local pool VPNIPs 172.20.10.2-172.20.10.11 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-61557.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NoNAT
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Public) 1 172.30.20.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.220.72.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact

dhcpd dns 208.67.222.222 208.67.220.220
dhcpd auto_config outside
!
dhcpd address 172.30.20.100-172.30.20.200 Public
dhcpd enable Public
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
Random Solutions  
 
programming4us programming4us