need some help to properly set up, segregate and secure a network with an ASA 5505


(OP)
Hello,

I need some help to properly set up, segregate and secure a network.

The networking equipment consists of a Cisco ASA 5505 as the main firewall/DHCP server, a few Layer 2 switches and 2 Cisco WAP-371-A-K9 operating in a cluster.

Here is what we have:

Windows Server 2012 R2 and about 10 joined PCs on the server's domain. These PCs need to be redirected to the Windows server as their DNS server in order to function properly. We also have wireless PCs/Tablets/Phones that need to access the server.
10 IP cameras with an NVR.
A Networked Printer/Scanner/Fax machine.
Guest PCs, Guest tablets, Guest smartphones.
Smart TVs, Home automation devices, etc...

I do not believe that it is a good idea to throw all the devices on one single VLAN. Now from there on, I get confused as to how to properly set up the network.

I originally thought that I should have 4 VLANs:

VLAN1(most trusted): Windows server and all PCs/tablets/phones/devices that need to access the server. Ports 443 and 4125 will need to be opened for remote access.
VLAN2: IP Cameras and NVR with a port opened for the NVR to be remotely accessible.
VLAN3: Home Automation, WiFi Garage door Opener, Magic Jack Devices, etc...
VLAN4(least trusted): Smart TVs, Network Printer, Guest PCs, Guest Tablets, Guest Phones, etc...

Now this being said, devices in more secure VLANs should be able to access devices in less secure VLANs, but not vice versa.

Your thoughts and recommendations are highly appreciated.
Many thanks!


RE: need some help to properly set up, segregate and secure a network with an ASA 5505

An easy setup would just be to manipulate the security levels of the VLANs/interfaces.

For example, highest security to lowest:

Set VLAN1 as 100
Set VLAN2 as 75
Set VLAN3 as 50
Set VLAN4 as 25

Default rules on the ASA should allow traffic from a higher security interface to any lower security interface.

If you want, you could set any interface to the same security level with same-security-traffic permit inter-interface (this is also in the interface config of the ASDM as "Enable traffic between two or more interfaces which are configured with the same security levels").

If you add in any specific access rules to the interface/VLAN, though, I believe that goes out the door.
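
The security-level layout from the reply above, as an added example that is not part of either poster's text: ASA interface configuration for the four VLANs, plus the access-rule caveat the reply ends on. The VLAN IDs, interface names, subnets and the ACL name GUEST_IN are assumptions; the outside interface is omitted, and the ASA 5505 must be licensed for this many VLAN interfaces.

```cisco
! Added example. VLAN IDs, interface names and subnets are assumptions.
! Thread's VLAN1 (most trusted): Windows server and domain PCs
interface Vlan10
 nameif trusted
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
! Thread's VLAN2: IP cameras and NVR
interface Vlan20
 nameif cameras
 security-level 75
 ip address 192.168.20.1 255.255.255.0
!
! Thread's VLAN3: home automation devices
interface Vlan30
 nameif automation
 security-level 50
 ip address 192.168.30.1 255.255.255.0
!
! Thread's VLAN4 (least trusted): guests, smart TVs, printer
interface Vlan40
 nameif guest
 security-level 25
 ip address 192.168.40.1 255.255.255.0
!
! With no ACL applied, the implicit rule permits traffic that enters a
! higher-level interface and leaves through a lower-level one; the
! reverse direction is denied.
!
! Only needed if two interfaces share a level and must reach each other:
! same-security-traffic permit inter-interface
!
! Once an ACL is bound inbound to an interface, that ACL (with its
! implicit deny at the end) decides what may enter there, not the
! security level. A bare "permit ip any any" on guest would also open
! the higher-level networks, so they are denied first.
access-list GUEST_IN extended deny ip any 192.168.10.0 255.255.255.0
access-list GUEST_IN extended deny ip any 192.168.20.0 255.255.255.0
access-list GUEST_IN extended deny ip any 192.168.30.0 255.255.255.0
access-list GUEST_IN extended permit ip any any
access-group GUEST_IN in interface guest
```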

RE: need some help to properly set up, segregate and secure a network with an ASA 5505

(OP)
Do you think segregating VLANs will provide enough security?
Furthermore, how should I set up the WLANs? One SSID for VLAN1 and another for VLAN4?
