cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1183
Views
0
Helpful
9
Replies

Cannot access outside from guestwifi (dmz)

Chad Campbell
Level 1
Level 1

Guys,

 

I am trying to create a guestwifi, but it does not seem to work, i will post my configurations below. Please let me know any additional information.

ASA Version 8.2(1)

interface GigabitEthernet0/3
 nameif guestwifi
 security-level 5
 ip address 192.168.175.1 255.255.255.0


global (guestwifi) 1 interface


dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 86400
dhcpd option 3 ip 192.168.175.1
!
dhcpd address 192.168.175.10-192.168.175.253 guestwifi
dhcpd enable guestwifi

 

 

 

MonogramASA# packet-tracer input guestwifi icmp 192.168.175.12 0 0 216.58.216.110

 

Phase: 1

Type: ACCESS-LIST

Subtype:

Result: ALLOW

Config:

Implicit Rule

Additional Information:

MAC Access list

 

Phase: 2

Type: FLOW-LOOKUP

Subtype:

Result: ALLOW

Config:

Additional Information:

Found no matching flow, creating a new flow

 

Phase: 3

Type: ROUTE-LOOKUP

Subtype: input

Result: ALLOW

Config:

Additional Information:

in   0.0.0.0         0.0.0.0         outside

 

Phase: 4

Type: IP-OPTIONS

Subtype:

Result: ALLOW

Config:

Additional Information:

 

Phase: 5

Type: INSPECT

Subtype: np-inspect

Result: ALLOW

Config:

Additional Information:

 

Phase: 6

Type: FLOW-CREATION

Subtype:

Result: ALLOW

Config:

Additional Information:

New flow created with id 10836954, packet dispatched to next module

 

Result:

input-interface: guestwifi

input-status: up

input-line-status: up

output-interface: outside

output-status: up

output-line-status: up

Action: allow

 

1 Accepted Solution

Accepted Solutions

Do you have something like global (outside) 1 interface? If so, then the NAT statement would be 

nat(guestwifi)1 192.168.175.0 255.255.255.0 

i don't this you need global (guestwifi) 1 interface

 

Thanks

John

**Please rate posts you find helpful**

View solution in original post

9 Replies 9

johnd2310
Level 8
Level 8

HI,

Need more infor on your configuration. is the wireless access point configuration okay? Do you have a NAT device between Internet and firewall and is it configure okay?

 

Thanks

John

**Please rate posts you find helpful**

Thanks John, The devices connects to the AP and gets a DHCP address successfully from the ASA, but are not able to access the internet through the outside interface. What do you mean do I have a NAT device?

Hi,

Is the firewall connected to the Internet or do you have another device between the firewall and the Internet?

thanks

John

**Please rate posts you find helpful**

The firewall is directly connected to the internet.

Hi,

IS this correct global (guestwifi) 1 interface? Where is the NAT  config for the 192.168.175.0/24 network?

 

Thanks

John

**Please rate posts you find helpful**

John,

 

I did not include 1, I thought the global nat statement would have covered the NAT (i guess not), but I do no have a NAT config for that network, can you give me a simple command to show me what it should look like?

Do you have something like global (outside) 1 interface? If so, then the NAT statement would be 

nat(guestwifi)1 192.168.175.0 255.255.255.0 

i don't this you need global (guestwifi) 1 interface

 

Thanks

John

**Please rate posts you find helpful**

Thanks John, I did see that and I just entered the command you recommended, I will have my team to test, while I wait I am going to find some videos about natting.

 

I will let you know, thanks again.

Chad Campbell
Level 1
Level 1

Thanks John this work!

Review Cisco Networking for a $25 gift card