Tech Forum

How do you setup a wap on a Cisco pix firewall profided by the church. There is no sticker on the top to help you on the address. I hear that they have quit making these. Thanks for any help you can give.

mojo_jojo wrote:How do you setup a wap on a Cisco pix firewall profided by the church.

If it's truly just a WAP, then plug it in.

If it's a Router and WAP such as what one generally finds in the stores for home use, then you need to follow the instructions given in the thread.

mojo_jojo wrote:There is no sticker on the top to help you on the address.

Go to any computer directly connected to the firewall. Open a DOS box and type "ipconfig"

Look at the "Default Gateway". That is the IP address of the Cisco Router/Firewall. I think that's all you need to use the instructions upthread.

mojo_jojo wrote:How do you setup a wap on a Cisco pix firewall profided by the church. There is no sticker on the top to help you on the address. I hear that they have quit making these. Thanks for any help you can give.

The Church did install some wireless networks for buildings that use the Cisco Pix firewall. These typically used Cisco Aironet 1200 WAPs. If you have one of those, then the whole setup (firewall and WAPs) is supported by the GSD.

If you don't have a Church-managed wireless network, your stake president can choose to authorize and fund one to be managed by the stake technology specialist. If you go this route, it might be easiest to get your own router that you would place behind the firewall and then connect additional WAPs (or routers with DHCP disabled that can function as WAPs) to that router to create your own wireless network. Then your own router would be the DHCP server and the router and WAPs would be on your own subnet, and so you wouldn't have to be concerned with how the Pix is configured.

We have a Pix 501 firewall, that is limited to 10 licences. On a temporary basis until we can obtain a new firewall, I'm proposing to connect a Tp-Link TL-WR543G wireless router, after the firewall, to connect our FHC and clerks computers onto a subnet seperate from the existing WAP's. I'm working on the assumption that the router will only take up one licence and that all the computers, on this network, will share that licence, leaving the rest available for other users.

Firstly is this viable? Secondly what should I set or disable in DHCP etc.?

I can find the IP addresses, following the excellent instructions, in the previous posts.

Before anyone suggests trying to get additional licences, I have already been down that route without success!

Thanks in advance for any advice

@Biggles,

I'd run with default settings on the router with the exception of using WPA security on the wireless (unless you turn the WAP off.)b

FHC computer to use the church portal MUST have a church IP from the PIX they also need a church IP to run landesk in a FHC

KenRichins wrote:FHC computer to us the church portal MUST have a church IP from the PIX they also need a church IP to run landesk in a FHC

First I've heard of that. I can see how LANDesk remote might not work.

RussellHltn wrote:First I've heard of that. I can see how LANDesk remote might not work.

Also with the family history center, there might be a section on a website that needs to know about certain things to work properly, not sure.

Second, I hear what you are saying, but for me, I don't like the idea of setting up a second router with a different IP address, unless you don't do NATTING. I don't like the idea of doing double natting, because that, in my book, can cause a lot of issues. Now if you can get it set up so that you don't do Natting then I have no problem with it.

To me double Natting adds a complexity to the network that doesn't need to be there and makes troubleshooting at some point down the road more difficult. In the network world simpler is better. But to do things without Natting, means that you will need to set up a routing protocol and that would need to be worked with the global service desk.

Hope this help

harddrive wrote:Second, I hear what you are saying, but for me, I don't like the idea of setting up a second router with a different IP address, unless you don't do NATTING. I don't like the idea of doing double natting, because that, in my book, can cause a lot of issues. Now if you can get it set up so that you don't do Natting then I have no problem with it.

Well, the current problem is the firewall won't allow more then 10 users to reach the Internet. Without natting behind the firewall, I don't see how you can reduce the number of users it sees. Yes, there may be downsides, but at the moment that 10 user limit is the biggest problem. I say try it. The worst that can happen is something doesn't work.

It sticks in my mind that in the early days of setting up systems they used wireless routers for WAPs. I don't recall any stories of problems.

RussellHltn wrote:Well, the current problem is the firewall won't allow more then 10 users to reach the Internet. Without natting behind the firewall, I don't see how you can reduce the number of users it sees. Yes, there may be downsides, but at the moment that 10 user limit is the biggest problem. I say try it. The worst that can happen is something doesn't work.

It sticks in my mind that in the early days of setting up systems they used wireless routers for WAPs. I don't recall any stories of problems.

That is interesting because I thought that the firewalls came with a 50 user license. I have all my units and these include family history centers on one pix and it works fine. I know that they have more than 10 computers on them.