Firewall Customer Configurations and VLANs

Posted: Mon Apr 28, 2008 10:48 am
by jenkinsje-p40
The ASA 5505 is capable of VLAN support, port forwarding and other custom configurations. While they are shipped pre-configured and supported only with this configuration, is it acceptable to modify the configuration to suit the needs of the building? Also, what is the official stand on port forwarding? Can VLANs be configured?

Posted: Sun Oct 31, 2010 5:44 pm
by schester
I love finding posts where someone else was thinking the same thing as me two years ago!

It's saddening though to see that the question has never been addressed.

I see many reasons for implementing VLANs on the meetinghouse networks. It would be very nice to separate out the MLS computers from those in the FHC and especially wifi users. The way it is currently set up, certain people could start giving out the wifi code and the neighbors could be scanning the network and attempting to capture what is being transmitted before it is encrypted on the VPN. VLANs and ACLs would make this much more difficult, but it would require us either having local control of the ASA, putting another router behind the ASA, or having SLC do a custom setup.

Anyone have any additional information?

Posted: Sun Oct 31, 2010 10:47 pm
by russellhltn
The firewall is currently under the firm control of the Global Services Desk. I doubt if most stakes have someone with enough knowledge of Cisco gear to do more good than "support needs" to justify opening it up.

Note that all the issues you've raised could be taken care of by placing another stake-controlled router behind the firewall.