Dear networking experts,
I have an ASA 5506-X and I use ASDM to manage the ASA. My end goal is to have a user connected to my Guest WIFI network access a host on my internal network. The job of the host is to authenticate the guest users and allow them to access the internet once the guest accepts our TOS.
Background Info:
I have multiple interfaces on the ASA, but the main focus is on 3 of them.
Interface 1/2 - Inside security level 100
Interface 1/2.30 - GuestWifi (vlan30) security level 40
Intterface 1/3 - COMCAST (outside network) security level 0
GuestWIFI vlan uses a different subnet than the inside interface and uses the ASA as a DHCP server to issue IP address to clients. Right now, everything works, the users are able to connect to the guest wifi and obtain an IP address and surf the web. However, I want the guest users to accept a TOS before accessing the internet. The TOS is a web application installed on a server that is connected to the inside network. By default, in the guest interface, there is an Implicit rule created that will allow traffic from any source to any destination with a less secure network, see the image below. With this rule in place internet connectivity works, but the host is not accessible via the Guest Wifi. When I create an ACL to allow traffic destined for port 8843, it overrides the Implicit rule, and therefore the internet connectivity stops working. How do I keep the internet connectivity as wells allow clients to access the host to authenticate and accept the TOS?
The NAT Rules are below:
The ACL:
Accepted Solutions
