03-17-2024 12:32 PM
Hi All,
I am using an ASA firewall to connect to BT broadband using PPPoE. It works fine now. I want to use the BT home hub as an AP. I did the steps below, but it looks like I am still missing something.
* Disabled DHCP server in BT home hub.
* Enabled DHCP server in ASA and connected cable from port0/1 to LAN port in AP.
* Configured Access rule and NAT.
* Rebooted the AP.
After this, the devices can't connect to the Internet - it says connected to WiFi with no internet access.
Not sure what I am missing here - any help is much appreciated.
03-17-2024 01:25 PM
capture PACK interface <interface connect to AP>
show capture PACK
Check if your ASA receives any traffic from the AP.
MHM
03-17-2024 02:57 PM
Hi,
Below are the logs.
It looks OK and I can see the hits in the firewall. The mobile can connect to Wi-Fi but there is no internet access.
808: 21:16:55.344983 18.185.182.159.443 > 192.168.1.67.46289: S 3220082644:3220082644(0) ack 314148135 win 65535 <mss 1380,sackOK,timestamp 2370511328 1306614165,nop,wscale 9>
809: 21:16:55.358547 192.168.1.67.46289 > 18.185.182.159.443: . ack 3220082645 win 4015 <nop,nop,timestamp 1306614199 2370511328>
810: 21:16:55.359051 192.168.1.67.46289 > 18.185.182.159.443: P 314148135:314148495(360) ack 3220082645 win 4015 <nop,nop,timestamp 1306614200 2370511328>
811: 21:16:55.379176 18.185.182.159.443 > 192.168.1.67.46289: . ack 314148495 win 131 <nop,nop,timestamp 2370511362 1306614200>
812: 21:16:55.379252 18.185.182.159.443 > 192.168.1.67.46289: P 3220082645:3220082792(147) ack 314148495 win 131 <nop,nop,timestamp 2370511362 1306614200>
813: 21:16:55.386591 192.168.1.67.46289 > 18.185.182.159.443: . ack 3220082792 win 4006 <nop,nop,timestamp 1306614227 2370511362>
814: 21:16:55.388880 192.168.1.67.46289 > 18.185.182.159.443: P 314148495:314148501(6) ack 3220082792 win 4006 <nop,nop,timestamp 1306614228 2370511362>
815: 21:16:55.458869 18.185.182.159.443 > 192.168.1.67.46289: . ack 314148501 win 131 <nop,nop,timestamp 2370511442 1306614228>
816: 21:16:55.471899 192.168.1.67.46289 > 18.185.182.159.443: P 314148501:314149104(603) ack 3220082792 win 4006 <nop,nop,timestamp 1306614307 2370511442>
817: 21:16:55.491933 18.185.182.159.443 > 192.168.1.67.46289: . ack 314149104 win 133 <nop,nop,timestamp 2370511475 1306614307>
818: 21:16:55.495869 18.185.182.159.443 > 192.168.1.67.46289: P 3220082792:3220083218(426) ack 314149104 win 133 <nop,nop,timestamp 2370511478 1306614307>
819: 21:16:55.521075 192.168.1.67.46289 > 18.185.182.159.443: F 314149104:314149104(0) ack 3220083218 win 4006 <nop,nop,timestamp 1306614360 2370511478>
820: 21:16:55.541063 18.185.182.159.443 > 192.168.1.67.46289: P 3220083218:3220083249(31) ack 314149105 win 133 <nop,nop,timestamp 2370511524 1306614360>
821: 21:16:55.541079 18.185.182.159.443 > 192.168.1.67.46289: F 3220083249:3220083249(0) ack 314149105 win 133 <nop,nop,timestamp 2370511524 1306614360>
822: 21:16:55.638928 18.185.182.159.443 > 192.168.1.67.46289: F 3220083249:3220083249(0) ack 314149105 win 133 <nop,nop,timestamp 2370511622 1306614360>
823: 21:16:55.857362 192.168.1.67.46289 > 18.185.182.159.443: R 314149105:314149105(0) win 0
824: 21:16:55.857377 192.168.1.67.46289 > 18.185.182.159.443: R 314149105:314149105(0) win 0
825: 21:16:57.066036 192.168.1.72.49157 > 3.33.245.2.443: P 22614:23131(517) ack 1437186323 win 13265
826: 21:16:57.121102 3.33.245.2.443 > 192.168.1.72.49157: . ack 23131 win 65535
827: 21:16:57.128685 192.168.1.72.49157 > 3.33.245.2.443: P 23131:23408(277) ack 1437186323 win 13265
828: 21:16:57.142723 3.33.245.2.443 > 192.168.1.72.49157: . ack 23408 win 65535
829: 21:16:57.172979 3.33.245.2.443 > 192.168.1.72.49157: P 1437186323:1437186568(245) ack 23408 win 65535
830: 21:16:57.336133 192.168.1.72.49157 > 3.33.245.2.443: . ack 1437186568 win 13020
831: 21:16:58.885330 arp who-has 192.168.1.10 tell 192.168.1.69
832: 21:16:58.885375 arp reply 192.168.1.10 is-at 6c:20:56:be:40:94
833: 21:17:02.092448 192.168.1.72.49156 > 3.33.245.2.443: . ack 99971815 win 13366
834: 21:17:02.105814 3.33.245.2.443 > 192.168.1.72.49156: . ack 10342 win 65535
835: 21:17:07.593902 192.168.1.72.49157 > 3.33.245.2.443: . ack 1437186568 win 13020
836: 21:17:07.607863 3.33.245.2.443 > 192.168.1.72.49157: . ack 23408 win 65535
837: 21:17:12.598403 192.168.1.72.49156 > 3.33.245.2.443: . ack 99971815 win 13366
838: 21:17:12.611784 3.33.245.2.443 > 192.168.1.72.49156: . ack 10342 win 65535
--------------
ciscoasa# sh run | i Wi-Fi
nameif Wi-Fi
object network Wi-Fi
access-list Wi-Fi_access_in extended permit ip 192.168.1.0 255.255.255.0 any
mtu Wi-Fi 1500
object network Wi-Fi
nat (Wi-Fi,Outside) dynamic interface
access-group Wi-Fi_access_in in interface Wi-Fi
dhcpd address 192.168.1.65-192.168.1.250 Wi-Fi
dhcpd enable Wi-Fi
ciscoasa#
ciscoasa# sh run | i name-server
name-server 8.8.8.8
name-server 8.8.4.4
03-17-2024 03:16 PM
sysopt connection tcp-mss 1300
If that does not work, can I see
Show conn
Show asp drop
MHM
03-18-2024 01:48 PM
Looking into your packet capture, it seems there is activity going on. Can you send a ping to 8.8.8.8 from your device once connected to the AP?
You need to define DNS in your dhcpd:
dhcpd address 192.168.1.65-192.168.1.250 Wi-Fi
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd enable Wi-Fi
I think you get connected to the internet, but due to not having a DNS configuration you are not able to browse. Hence you would be able to ping 8.8.8.8 etc.
03-19-2024 10:49 AM
Hi.
Yes, you are correct. I didn't realize I needed to use DNS in the DHCP. Additionally, I also needed to turn off the firewall in the BT modem and reboot. Thank you very much for your help.
03-19-2024 10:56 AM
192.168.1.72.49157 > 3.33.245.2.443: P
This traffic is to HTTPS and there is a public IP, so I don't think it was a DNS issue; it is the FW of BT.
MHM
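The replies above disagree on whether the capture points to missing DNS or to filtering upstream. The following is an added example, not code from the thread: it reads ASA "show capture" lines and reports, per LAN client, which destination ports were used and whether return traffic arrived. The function names, the 192.168.1. prefix default and the constructed UDP sample lines are assumptions.

```python
import re
from collections import Counter

# One "IP.port > IP.port:" line of ASA "show capture" output, as pasted in the thread.
LINE = re.compile(r"^\s*\d+:\s+\S+\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
                  r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):")

# Lines 825-831 are copied from the thread. Lines 900-901 are constructed, and
# their "udp <len>" form is an assumption about how the ASA prints UDP packets.
SAMPLE = """\
825: 21:16:57.066036 192.168.1.72.49157 > 3.33.245.2.443: P 22614:23131(517) ack 1437186323 win 13265
826: 21:16:57.121102 3.33.245.2.443 > 192.168.1.72.49157: . ack 23131 win 65535
831: 21:16:58.885330 arp who-has 192.168.1.10 tell 192.168.1.69
900: 21:17:20.000000 192.168.1.80.50000 > 208.67.222.222.53: udp 34
901: 21:17:21.000000 192.168.1.80.50000 > 208.67.222.222.53: udp 34
"""

def summarize(capture_text, lan_prefix="192.168.1."):
    """Per LAN client: outbound packet count by destination port, and inbound replies."""
    clients = {}
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP and other lines without IP.port endpoints
        src_lan = m["src"].startswith(lan_prefix)
        dst_lan = m["dst"].startswith(lan_prefix)
        if src_lan and not dst_lan:
            entry = clients.setdefault(m["src"], {"ports": Counter(), "replies": 0})
            entry["ports"][int(m["dport"])] += 1
        elif dst_lan and not src_lan:
            entry = clients.setdefault(m["dst"], {"ports": Counter(), "replies": 0})
            entry["replies"] += 1
    return clients

def triage(clients):
    """Label each client with the first check that fails in this capture window."""
    findings = {}
    for ip, entry in clients.items():
        if entry["replies"] == 0:
            findings[ip] = "no-return-traffic"      # look at NAT or upstream filtering
        elif entry["ports"][53] == 0:
            findings[ip] = "no-dns-queries-seen"    # look at the resolver DHCP hands out
        else:
            findings[ip] = "ok"
    return findings

if __name__ == "__main__":
    for ip, verdict in triage(summarize(SAMPLE)).items():
        print(ip, verdict)
```

A short capture window can miss lookups that a client already has cached, so "no-dns-queries-seen" is a prompt to check the DHCP-supplied resolver, not a verdict.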