replacement for Cisco ASA 5505

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jworth1
New Member
Posts: 15
Joined: Wed Dec 22, 2010 12:10 pm

replacement for Cisco ASA 5505

Postby jworth1 » Mon Jan 07, 2013 3:09 pm

I see where the Cisco ASA 5505 firewall will be replaced by the 881w by the end of 2013.

My concern is that we use the two PoE ethernet connections on it to power two wireless access points and I don't see them on the 881w.

Can anyone confirm that?

Thanks
Jeff

rolandc
Member
Posts: 257
Joined: Tue May 15, 2012 7:20 pm

Re: replacement for Cisco ASA 5505

Postby rolandc » Mon Jan 07, 2013 3:18 pm

The 881's wireless is extended with the use of a Cisco 1041n-LAP generally by enough to cover the whole building.

https://www.lds.org/callings/melchizede ... w?lang=eng

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: replacement for Cisco ASA 5505

Postby johnshaw » Tue Jan 08, 2013 6:39 am

jworth1,

My FMG started proactively upgrading our ASA5505's with 881W's, and had no idea what else was connected to them, in a single week, they had disabled wireless in 2 buildings - Sunday following the upgrades I got calls that wireless wasn't working everywhere like it used to.

I was able to get my Stake PFR to confirm with the FMG that something had changed and the FMG was even willing to speak directly with me for a very rare, but pleasant surprise. We were able to find some stand-alone POE modules (some from when I'd removed them after using the ASA ports, and some that were ordered). And got the buildings back to pre-FMG work service.

Nice thing is that this resulted in an FM Mechanic working with me regularly when they upgrade the systems. (I also was a little miffed because they failed to account for networked printers in the FHC's that they replaced the ASA's in as well as the building wireless) - anyway, it was smooth sailing after that.. A marked improvement in my FMG association. They still pick and choose what and where they do the work, but it is moving forward which is a plus.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”
― Thomas Paine, Common Sense

parktw
New Member
Posts: 11
Joined: Mon Jan 07, 2013 5:00 pm

Re: replacement for Cisco ASA 5505

Postby parktw » Mon Jan 14, 2013 5:10 pm

Yeah, John sounds like he's right on the money, and I'm sorry to hear he ran into trouble when the firewall got changed over. Seems like forgetting the printers is a common issue.

You basically have two options. The first is you can get external power injectors that will work with the 1200's, which are no longer available through distribution, so they would have to be acquired elsewhere:

http://www.amazon.com/Cisco-Syst-POWER- ... r+injector
(You will also need the power adapter it offers to bundle with.)
*this is not the same power injector that is shipped with the 1041n access points*

The only other option is replacing the APs with 1200's. Either solution can work. I would make sure you reset and rescript the 1200's if you decide to keep them. While if you just plug them into the 881w they will more than likely work, if you ever contact the Global Service Center to have them troubleshot or have them make changes, they won't be able to find them, as they are scripted to a static IP on your ASAs subnet.

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: replacement for Cisco ASA 5505

Postby johnshaw » Tue Jan 15, 2013 5:41 am

So far, after that initial week of issues, the FMG has worked well enough with the GSD to make sure our 12xx series WAP's still work after they upgrade to the 881W. I've asked for 1041N's to be added to the budget in both 2012 and 2013, but none of materialized in our stake. So I anticipate working in this mixed environment until the Millennium. We have the money set aside in the budget for our stake, but then spent on other stake's meetinghouses that chose to install commercial based wireless access points, while our stake implemented Cisco 12xx series - it's hard to stomach at times. I just have to hope that all those other stakes appreciate their upgrades (that they didn't ask for - don't think I don't know that either it is very true that our stake has pushed our FMG in this area, but that no other stakes have been) and hope for the day that our meetinghouses will have better implementations.

Couple of things I've noticed, all my 12xx series WAP's are now all on the same channel in the meetinghouse, and since the automation on the 881W typically puts it on Channel 1, now I have 3 WAP's in some meetinghouses all on Channel 1 - it would be nice if when they were re-scripted the WAP's would be configured with the Channel they were on when I was in charge of doing this work. But, that is asking a bit much for a FMG and the GSD both working with minimal need to be responsive to end users. Or it requires more work from me, and the time it took me in 2010 to implement all of these was quite difficult and extensive, rather have it done right the first time.
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”

― Thomas Paine, Common Sense

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: replacement for Cisco ASA 5505

Postby aebrown » Tue Jan 15, 2013 6:05 am

JohnShaw wrote:Couple of things I've noticed, all my 12xx series WAP's are now all on the same channel in the meetinghouse, and since the automation on the 881W typically puts it on Channel 1, now I have 3 WAP's in some meetinghouses all on Channel 1 - it would be nice if when they were re-scripted the WAP's would be configured with the Channel they were on when I was in charge of doing this work.

Our stake center has older Aironet 1200 WAPs with a new 881W. The GSD scripted it to use three different channels, and it works very nicely as I move from zone to zone. So it's certainly possible for the GSD to do it right. I suppose it depends on which technician you happen to get.

User avatar
johnshaw
Senior Member
Posts: 1834
Joined: Fri Jan 19, 2007 1:55 pm
Location: Syracuse, UT

Re: replacement for Cisco ASA 5505

Postby johnshaw » Tue Jan 15, 2013 9:28 am

I just got a proactive call from the GSD offering to fix the environment. I wanted to post that this group reached out to me to fix the issue and how FANTASTIC I think this is. What a GREAT service this board is and can be with this type of interaction.

Since I'm an equal opportunity 'calls em as I sees em' person I want everyone to know that reads this post that the GSD did reach out and how grateful I am for that!!!

Great Job GSD!!!
“A long habit of not thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry in defense of custom.”

― Thomas Paine, Common Sense


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest