I have configured ASA 5520 for 3 Networks & one ISP.
1> Official proxy 172.16.1.0/24
2> Guest (SSID) on controller network, Office Area 10.156.250.0/24
3> Guest (SSID) on controller network, Accommodation Area 10.156.249.0/24
From the Accommodation Area Guest network (10.156.249.0), configured on the switch through a route map and hitting the internal1 interface on the firewall, I am able to access and browse the internet, but not from the Guest Office Area. From there I am able to ping all external IPs for google/yahoo but not the domain names, so I am unable to browse.
Please help to resolve. Config is below.
interface GigabitEthernet0/0
 description Connected to Office LAN network
 nameif internal0
 security-level 100
 ip address 172.16.1.1 255.255.255.252
!
interface GigabitEthernet0/1
 description Connected to GUEST network
 nameif internal1
 security-level 1
 ip address 10.156.250.1 255.255.255.0
!
interface GigabitEthernet0/3
 description ISP facing interface
 nameif external0
 security-level 0
 ip address 10.10.155.2 255.255.255.248
!
So the users connected to the subnet that is directly connected to the "internal1" interface cannot do DNS lookups for some reason, but their external connectivity is otherwise fine?
Have you confirmed that their network settings are correct so that the traffic is forwarded to the ASA? Are the DNS servers configured correctly? Where are the DNS servers located? Have you monitored logs through ASDM while attempting connections from the problematic Guest Office network?