A Cisco ASA out of the box is licensed for 2 ½ VLANs.
- One VLAN for the outside (public) network
- One VLAN for the inside (private network)
- A third VLAN which is restricted to be able to talk to either the inside VLAN or the outside VLAN, but not both.
This third VLAN is often used for a guest wireless network, which has access to the internet but no access to your internal network. So we configure port 0 on the ASA on the outside VLAN and give it an IP address of say 100.100.100.1/28. Then we configure port 1 on the ASA on the inside VLAN and give it an IP address of 10.1.1.1/24. The guest VLAN we configure on port 2 and give it 192.168.1.1/24.
I connected port 0 to the upstream router from your ISP and port 1 and 2 directly to a main switch. We have several edge switches around your company that connect to the main switch with fiber uplinks. In theory you should be able to plug a computer into any switch in the company, manually assign it an IP address of 192.168.1.100/24 with a default gateway of 192.168.1.1 and you should be able to get to the internet.
I have tried this and it either doesn’t work at all or works very slowly. Any thought other then configuring VLANs?
