SSBN743
Aspirant
Oct 02, 2017

Network Conceptual Problem

Hey all,

Just need a little help from the network brains out there. I am a lowly CCNA, so I set up my home network easily enough - but I'm having some problems figuring out how to inspect all traffic leaving my network.

So, the main setup has a Cisco 1812 with one VLAN connected to an ASA 5505. Previously, the ASA did an overload NAT and sent all outbound traffic to the cable modem and off to public. However, I added the Nighthawk R7000 for Wi-Fi.

One of the selling points was public share access; however, unless I'm missing something, that means that the R7000 needs a public address. So, I had no choice but to place it in between the ASA and cable modem in my topology.

Now, it's all working fine - I have the R7000 running a DHCP server for Wi-Fi connected hosts, and the ASA runs DHCP for internal LAN. However, none of the Wi-Fi connected hosts run through the ASA. I tried to place a static route in the R7000 to force all traffic back to the ASA for inspection, but that static route feature on the R7000 is not really a static route and it doesn't work - all Wi-Fi hosts go straight to Public.

So, I just need a little help conceptually - there must be a way to do what I want to do, right? Hopefully I've explained the problem well enough. I've attached a rough drawing for clarity - it's actually really simple - any thoughts on this one? Could I move the R7000 inside and still access the ReadyShare media?

3 Replies

  • I think you should put the R7000 behind the ASA. If you like, set it into AP mode to avoid creating another subnet. Then forward the necessary port(s) for public share access.
    • SSBN743
      Aspirant

      You know, I can't believe I didn't think of that - so thank you, I completely forgot about the other setup options.

      However, it didn't work.  I moved the R7000 inside the ASA and am successful at using the access point and getting all traffic (Wi-Fi and internal) inspected by the ASA - but I can't access the ReadyShare device.  

      The AP setup option only allows you to set up an admin password and a Wi-Fi SSID - and even if I could somehow set up the ReadyShare device, when the device is internal, it doesn't get a public IP as the ASA NATs between public and private. So, I did consider configuring the R7000 for Bridge mode and adding it to the internal VLAN, but I think I'm going to have the same problem with a non-public routable address to reach the ReadyShare.

      So, yeah, pretty frustrating that I can't just leave the R7000 outside the ASA and add a static route in, 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255 and solve the entire problem.