topic Cannot access outside from guestwifi (dmz) in Network Security

Cannot access outside from guestwifi (dmz)

Chad Campbell — Tue, 12 Mar 2019 06:13:02 GMT

Guys,

I am trying to create a guestwifi, but it does not seem to work, i will post my configurations below. Please let me know any additional information.

ASA Version 8.2(1)

interface GigabitEthernet0/3
nameif guestwifi
security-level 5
ip address 192.168.175.1 255.255.255.0

global (guestwifi) 1 interface

dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 86400
dhcpd option 3 ip 192.168.175.1
!
dhcpd address 192.168.175.10-192.168.175.253 guestwifi
dhcpd enable guestwifi

MonogramASA# packet-tracer input guestwifi icmp 192.168.175.12 0 0 216.58.216.110

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

MAC Access list

Phase: 2

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 0.0.0.0 0.0.0.0 outside

Phase: 4

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 5

Type: INSPECT

Subtype: np-inspect

Result: ALLOW

Config:

Additional Information:

Phase: 6

Type: FLOW-CREATION

Subtype:

Result: ALLOW

Config:

Additional Information:

New flow created with id 10836954, packet dispatched to next module

Result:

input-interface: guestwifi

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: allow

HI,Need more infor on your

johnd2310 — Thu, 02 Jul 2015 23:29:12 GMT

HI,

Need more infor on your configuration. is the wireless access point configuration okay? Do you have a NAT device between Internet and firewall and is it configure okay?

Thanks

John

Thanks John, The devices

Chad Campbell — Thu, 02 Jul 2015 23:39:19 GMT

Thanks John, The devices connects to the AP and gets a DHCP address successfully from the ASA, but are not able to access the internet through the outside interface. What do you mean do I have a NAT device?

Hi,Is the firewall connected

johnd2310 — Thu, 02 Jul 2015 23:42:29 GMT

Hi,

Is the firewall connected to the Internet or do you have another device between the firewall and the Internet?

thanks

John

The firewall is directly

Chad Campbell — Thu, 02 Jul 2015 23:43:54 GMT

The firewall is directly connected to the internet.

Hi,IS this correct global

johnd2310 — Thu, 02 Jul 2015 23:58:40 GMT

Hi,

IS this correct global (guestwifi) 1 interface? Where is the NAT config for the 192.168.175.0/24 network?

Thanks

John

John, I did not include 1, I

Chad Campbell — Fri, 03 Jul 2015 00:06:00 GMT

John,

I did not include 1, I thought the global nat statement would have covered the NAT (i guess not), but I do no have a NAT config for that network, can you give me a simple command to show me what it should look like?

Do you have something like

johnd2310 — Fri, 03 Jul 2015 00:20:48 GMT

Do you have something like global (outside) 1 interface? If so, then the NAT statement would be

nat(guestwifi)1 192.168.175.0 255.255.255.0

i don't this you need global (guestwifi) 1 interface

Thanks

John

Thanks John, I did see that

Chad Campbell — Fri, 03 Jul 2015 00:26:32 GMT

Thanks John, I did see that and I just entered the command you recommended, I will have my team to test, while I wait I am going to find some videos about natting.

I will let you know, thanks again.

Thanks John this work!

Chad Campbell — Fri, 03 Jul 2015 16:10:57 GMT

Thanks John this work!