Solved: Hello Jonathan,Question? is

Jonathan Forbes · ‎07-17-2015

Hello We have a cisco asa with internet working fine for inside users. We have set up a guest zone on the firewall. We are trying to allow users from the guest network to access the internet. What command do I have to set up on the firewall to allow internet access from the guest network to the internet. Thanks

joseoroz · ‎07-17-2015

Hello Jonathan,

Question? is the guest network going to be behind a new interface?

If that is the case and the security level is higher than the public interface you will need only to setup NAT.

If you already have a global command and you want to use the same public IP for the NAT the configuration will look something like this.

NAT (inside) 1 0.0.0.0 0.0.0.0.0

NAT (guest-network) 1 0.0.0.0 0.0.0.0

Global (outside) 1 interface

View solution in original post

joseoroz · ‎07-17-2015

Hello Jonathan,

Question? is the guest network going to be behind a new interface?

If that is the case and the security level is higher than the public interface you will need only to setup NAT.

If you already have a global command and you want to use the same public IP for the NAT the configuration will look something like this.

NAT (inside) 1 0.0.0.0 0.0.0.0.0

NAT (guest-network) 1 0.0.0.0 0.0.0.0

Global (outside) 1 interface

Jonathan Forbes · ‎07-18-2015

The guest network is on a sub interface vlan on the firewall.

Do I need to make it different port instead of a vlan interface?

Thanks

joseoroz · ‎07-21-2015

Hello Jonathan,

When you create an interface or sub interface that will be a separate area. That means that you will need to create NAT and a new set of rules for it. (ej sec level nameif nat access-groups)

The example that I provided you still applies if you are using sub interfaces instead of the physical interface.

Regards,

Jose Orozco.

Cisco ASA 5510 VER 8.2