access to wireless behind firewall

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
jworth-p40
New Member
Posts: 48
Joined: Thu Sep 11, 2008 7:34 pm
Location: Washington, IL

access to wireless behind firewall

Postby jworth-p40 » Wed Jul 22, 2009 7:42 am

I have installed a WRT150N Linksys router/wireless device on the outgoing side of the ASA 5500 and can connect to the internet through it. I need to encrypt the connection but the standard 192.168.1.1 gets me into the Verizon modem/router.

I have made a wired connection to the device and changed it to 192.168.1.2 so that I can access it but any and all addresses (192.168.1.1 and 1.2), even the first available IP address the firewall should be assigning it (10.217.12.226) has the same result.

UPDATE: For whatever reason, I can connect to it wired using a LAN port and set it up but I can't get back into it wirelessly using the 192.168.1.2 IP address. My concern is when I need to change the encryption, I will have to do the same thing again, connect to it wired.

I tried using all of the IP addresses that are reserved after the firewall address (10.217.12.226-231) with the same result.

Any ideas?

russellhltn
Community Administrator
Posts: 20754
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jul 22, 2009 11:26 am

First, if the Verizon modem/router is also a wireless access point, you need to disable the wireless part.

Second, I'm unclear as to what you mean by connecting to the "outgoing" side of the church firewall. By policy, all Internet traffic goes though the firewall. There should be nothing between the church firewall and the Verizon modem.

Once we've made sure those two things are right, we can move on.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
Mikerowaved
Community Moderators
Posts: 3131
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

Postby Mikerowaved » Wed Jul 22, 2009 11:26 am

jworth wrote:I have installed a WRT150N Linksys router/wireless device on the outgoing side of the ASA 5500...

Can you please define "outgoing side"? Is this the WAN side where the modem is, or the LAN side where the computers and such are connected?
So we can better help you, please edit your Profile to include your general location.

jdlessley
Community Moderators
Posts: 6526
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Jul 22, 2009 12:05 pm

The WRT150N should be connected to the Cisco ASA 5505 with a cable running from a LAN port on the ASA and then to a LAN port on the WRT150N. Do not connect to the WRT150N using its WAN or Internet port. The DHCP server of the WRT150N should be disabled. A good IP address to assign the WRT150N is one of the five IP addresses immediately following the IP address of the ASA, which is written on a sticker pn the outside of the device. (Alternatively if there is a computer connected to the ASA you can use ipconfig from the command prompt to find out the ASA's IP address.) These IP addresses are not used by the ASA's DHCP server and therefore can be assigned to devices such as WAPs for their static IP address.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

jworth-p40
New Member
Posts: 48
Joined: Thu Sep 11, 2008 7:34 pm
Location: Washington, IL

Postby jworth-p40 » Wed Jul 22, 2009 3:17 pm

RussellHltn wrote:First, if the Verizon modem/router is also a wireless access point, you need to disable the wireless part.

Second, I'm unclear as to what you mean by connecting to the "outgoing" side of the church firewall. By policy, all Internet traffic goes though the firewall. There should be nothing between the church firewall and the Verizon modem.

Once we've made sure those two things are right, we can move on.



The wireless router in the Verizon modem was disabled.

I meant the LAN connection on the wireless device and not the Internet connection.

jworth-p40
New Member
Posts: 48
Joined: Thu Sep 11, 2008 7:34 pm
Location: Washington, IL

Postby jworth-p40 » Wed Jul 22, 2009 3:18 pm

Mikerowaved wrote:Can you please define "outgoing side"? Is this the WAN side where the modem is, or the LAN side where the computers and such are connected?


It goes from the Verizon modem to the ASA 5500 and from there, the wireless device connects to port 1 on the firewall.

jworth-p40
New Member
Posts: 48
Joined: Thu Sep 11, 2008 7:34 pm
Location: Washington, IL

Postby jworth-p40 » Wed Jul 22, 2009 3:20 pm

jdlessley wrote:The WRT150N should be connected to the Cisco ASA 5505 with a cable running from a LAN port on the ASA and then to a LAN port on the WRT150N. Do not connect to the WRT150N using its WAN or Internet port. The DHCP server of the WRT150N should be disabled. A good IP address to assign the WRT150N is one of the five IP addresses immediately following the IP address of the ASA, which is written on a sticker pn the outside of the device. (Alternatively if there is a computer connected to the ASA you can use ipconfig from the command prompt to find out the ASA's IP address.) These IP addresses are not used by the ASA's DHCP server and therefore can be assigned to devices such as WAPs for their static IP address.


Yes, that is how I connected the firewall, from the LAN port on the ASA to a LAN port on the WRT150N. DCHP is disabled and the IP address of 10.217.12.226 is assigned to it with the firewall IP address being 12.217.12.225

jworth-p40
New Member
Posts: 48
Joined: Thu Sep 11, 2008 7:34 pm
Location: Washington, IL

Postby jworth-p40 » Wed Jul 22, 2009 3:24 pm

The issue is to change the encryption on the wireless device, I should be able to connect to it using the assigned IP address of 192.168.1.2 so as not to conflict with the Verizon modem/router but it gives me an invalid IP address doing that way.

If I connect with a cable to one of the ports on the WRT150N, I can get into it.

The websites that can be reached from it are being filtered by the firewall but there is no encryption on it.

Is there something that I am missing?

russellhltn
Community Administrator
Posts: 20754
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Jul 22, 2009 4:52 pm

jworth wrote:The issue is to change the encryption on the wireless device, I should be able to connect to it using the assigned IP address of 192.168.1.2 so as not to conflict with the Verizon modem/router but it gives me an invalid IP address doing that way.


That's not going to work. The Firewall is also a router. You need to assign a IP address that's within your subnet. 192.168.x.x is outside of the subnet.

What's is being assigned 10.217.12.226?
Have you searched the Wiki?

Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

jworth-p40
New Member
Posts: 48
Joined: Thu Sep 11, 2008 7:34 pm
Location: Washington, IL

Postby jworth-p40 » Wed Jul 22, 2009 6:13 pm

RussellHltn wrote:That's not going to work. The Firewall is also a router. You need to assign a IP address that's within your subnet. 192.168.x.x is outside of the subnet.

What's is being assigned 10.217.12.226?


I assigned the wireless device the 10.217.12.226 address. The desktop machine in the clerks' office has the address of 10.217.12.231. In previous threads, I was told that needed to be a static address within five higher IP addresses with DHCP turned off so the firewall assigns the addresses.

So, the assigned IP address should be the address used to access the wireless device?


Return to “Meetinghouse Internet”

Who is online

Users browsing this forum: No registered users and 1 guest