I have a wireless Airport Extreme on Vlan3. My problem is that I can't get internet access from a wireless client which connects to the Airport which is on the DMZ. From my laptop which is connected to the Airport, I can ping the 5505. That's as far as I get.

Anyone see anything wrong here?

asa5505(config)# sh running-config

: Saved

:

ASA Version 8.4(2)

!

hostname asa5505

enable password ArKd0aXL.wihdyE3 encrypted

passwd ArKd0aXL.wihdyE3 encrypted

names

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

switchport access vlan 3

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute

!

interface Vlan3

no forward interface Vlan1

nameif dmz

security-level 50

ip address 192.168.2.1 255.255.255.0

!

banner motd

boot system disk0:/asa842-k8.bin

ftp mode passive

dns domain-lookup inside

dns domain-lookup outside

dns server-group DefaultDNS

name-server 4.2.2.2

name-server 68.87.69.146

name-server 68.87.58.98

object network obj_any

subnet 0.0.0.0 0.0.0.0

access-list ACL_IN extended permit ip any any

access-list WAN_IN extended permit udp any eq domain any

pager lines 24

logging enable

logging timestamp

logging trap debugging

logging asdm informational

logging host inside 192.168.1.11

mtu inside 1500

mtu outside 1500

mtu dmz 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-645-206.bin

no asdm history enable

arp timeout 14400

!

object network obj_any

nat (inside,outside) dynamic interface

access-group ACL_IN out interface inside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

user-identity default-domain LOCAL

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh 192.168.1.11 255.255.255.255 inside

ssh timeout 30

ssh version 2

console timeout 0

dhcpd dns 68.87.58.98 68.86.69.146

dhcpd lease 43200

!

dhcpd address 192.168.1.100-192.168.1.131 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username userme password QHdgfaYZbd0ksu7c encrypted privilege 15

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp

  inspect ip-options

!

service-policy global_policy global

prompt hostname context

no call-home reporting anonymous

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/De

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:8297c75f00efad37ae7fd3c091267e38

: end