Solved: Cannot access outside from guestwifi (dmz)

Chad Campbell · ‎07-02-2015

Guys,

I am trying to create a guestwifi, but it does not seem to work, i will post my configurations below. Please let me know any additional information.

ASA Version 8.2(1)

interface GigabitEthernet0/3
nameif guestwifi
security-level 5
ip address 192.168.175.1 255.255.255.0

global (guestwifi) 1 interface

dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 86400
dhcpd option 3 ip 192.168.175.1
!
dhcpd address 192.168.175.10-192.168.175.253 guestwifi
dhcpd enable guestwifi

MonogramASA# packet-tracer input guestwifi icmp 192.168.175.12 0 0 216.58.216.110

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

MAC Access list

Phase: 2

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in 0.0.0.0 0.0.0.0 outside

Phase: 4

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

Phase: 5

Type: INSPECT

Subtype: np-inspect

Result: ALLOW

Config:

Additional Information:

Phase: 6

Type: FLOW-CREATION

Subtype:

Result: ALLOW

Config:

Additional Information:

New flow created with id 10836954, packet dispatched to next module

Result:

input-interface: guestwifi

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: allow

johnd2310 · ‎07-02-2015

Do you have something like global (outside) 1 interface? If so, then the NAT statement would be

nat(guestwifi)1 192.168.175.0 255.255.255.0

i don't this you need global (guestwifi) 1 interface

Thanks

John

**Please rate posts you find helpful**

View solution in original post

johnd2310 · ‎07-02-2015

HI,

Need more infor on your configuration. is the wireless access point configuration okay? Do you have a NAT device between Internet and firewall and is it configure okay?

Thanks

John

**Please rate posts you find helpful**

Chad Campbell · ‎07-02-2015

Thanks John, The devices connects to the AP and gets a DHCP address successfully from the ASA, but are not able to access the internet through the outside interface. What do you mean do I have a NAT device?

johnd2310 · ‎07-02-2015

Hi,

Is the firewall connected to the Internet or do you have another device between the firewall and the Internet?

thanks

John

**Please rate posts you find helpful**

Chad Campbell · ‎07-02-2015

The firewall is directly connected to the internet.

johnd2310 · ‎07-02-2015

Hi,

IS this correct global (guestwifi) 1 interface? Where is the NAT config for the 192.168.175.0/24 network?

Thanks

John

**Please rate posts you find helpful**

Chad Campbell · ‎07-02-2015

John,

I did not include 1, I thought the global nat statement would have covered the NAT (i guess not), but I do no have a NAT config for that network, can you give me a simple command to show me what it should look like?

johnd2310 · ‎07-02-2015

Do you have something like global (outside) 1 interface? If so, then the NAT statement would be

nat(guestwifi)1 192.168.175.0 255.255.255.0

i don't this you need global (guestwifi) 1 interface

Thanks

John

**Please rate posts you find helpful**

Chad Campbell · ‎07-02-2015

Thanks John, I did see that and I just entered the command you recommended, I will have my team to test, while I wait I am going to find some videos about natting.

I will let you know, thanks again.

Chad Campbell · ‎07-03-2015

Thanks John this work!