706 Views | 0 Helpful | 3 Replies

Public Wireless VLAn able to access Private network

JPCPIA130
Level 1

I just inherited this environment and came across a problem. We have VLAN 20 set up as 192.168.20.x for guest wireless, and this should not be able to access our private network VLAN 10, 100.x.x.x. We have Cisco 3750X switches and I do not see ip routing set, so I do not see how this is possible. Any help would be really great!

Here is my switch config. Port g1/0/46 has one of our Aironets connected.

no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
boot-start-marker
boot-end-marker
aaa new-model
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750x-48
switch 2 provision ws-c3750x-48
switch 3 provision ws-c3750x-48
switch 4 provision ws-c3750x-48
switch 5 provision ws-c3750x-48
system mtu routing 1500
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface GigabitEthernet1/0/46
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
interface GigabitEthernet1/1/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
interface GigabitEthernet1/1/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
interface GigabitEthernet1/1/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
 switchport mode trunk
interface Vlan1
 ip address dhcp
 shutdown
interface Vlan10
 ip address 100.100.10.235 255.255.254.0
interface Vlan20
 no ip address
ip default-gateway 100.100.10.254
ip classless
no ip http server
ip http secure-server
ip sla enable reaction-alerts
logging trap errors
logging facility syslog
logging 100.100.10.213
monitor session 1 source vlan 10
monitor session 1 destination interface Gi1/0/47
ntp server 100.100.10.254
end


And this is the ASA:


xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain

no names

!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport access vlan 10
!
interface Ethernet0/2
 switchport access vlan 20
!
interface Ethernet0/3
 switchport access vlan 30
!
interface Ethernet0/4
 switchport access vlan 30
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 shutdown
 no nameif
 security-level 100
 no ip address
!
interface Vlan2
 nameif outside
 security-level 0
 ip address External Adress
!
interface Vlan3
 shutdown
 no nameif
 security-level 50
 no ip address
!
interface Vlan10
 nameif inside
 security-level 100
 ip address 100.100.10.254 255.255.254.0
!
interface Vlan20
 nameif guestnet
 security-level 50
 ip address 192.168.20.254 255.255.255.0
!
interface Vlan30
 nameif DMZ
 security-level 50
 ip address 192.168.30.254 255.255.255.0
!


access-list inside_access_in extended deny tcp host 100.100.10.242 any eq www
access-list inside_access_in extended deny tcp host 100.100.10.240 any eq www
access-list inside_access_in extended deny tcp host 100.100.10.208 any eq www
access-list inside_access_in extended deny tcp host 100.100.10.204 any eq www
access-list inside_access_in extended permit ip any any
access-list dmz_access_in extended permit tcp any4 object CITRIX eq 1433
access-list dmz_access_in extended permit tcp any4 object 100.100.10.3 eq ftp
access-list dmz_access_in extended permit tcp any4 object MAIL eq smtp
access-list dmz_access_in extended permit tcp any4 host 100.100.10.230 eq 1743
access-list dmz_access_in extended permit tcp any4 host 100.100.10.230 eq 1745
access-list dmz_access_in extended permit object-group TCPUDP any4 host 100.100.10.253 object-group APC_Ports
access-list dmz_access_in extended permit icmp any4 any4
access-list dmz_access_in extended permit ip any4 any4
access-list guestnet_access_in extended permit tcp any4 host 100.100.10.219 eq www inactive
access-list guestnet_access_in extended permit tcp any4 host 100.100.10.219 eq https inactive
access-list guestnet_access_in extended permit tcp any4 host 100.100.10.214 eq domain inactive
access-list guestnet_access_in extended permit ip any4 any4
access-list outside_access_in extended permit tcp any4 host 100.100.10.218 eq www
access-list outside_access_in extended permit tcp any4 host 100.100.10.218 eq https
access-list outside_access_in extended permit tcp any4 object 100.100.10.10 eq smtp
access-list outside_access_in extended permit tcp any4 host 100.100.10.219 eq www
access-list outside_access_in extended permit tcp any4 host 100.100.10.219 eq https
access-list outside_access_in extended permit tcp any4 host 100.100.10.146 eq 493
access-list outside_access_in extended permit icmp any4 any4 echo-reply
access-list outside_access_in extended permit icmp any4 any4 time-exceeded
access-list outside_access_in extended permit icmp any4 any4 unreachable
access-list outside_access_in extended permit tcp any4 host 192.168.30.10 eq www
access-list outside_access_in extended permit tcp any4 host 192.168.30.10 eq https
access-list outside_access_in extended permit tcp any4 host 100.100.10.54 eq 100
access-list outside_access_in extended permit tcp any4 host 100.100.10.55 eq hostname

route outside 0.0.0.0 0.0.0.0 externaladdress 1

3 Replies

Jacob Berger
Level 2

The ASA should be doing the routing; note the interface in VLAN 20.

And it seems like:

access-list guestnet_access_in extended permit ip any4 any4

is allowing access to the internal network.

Shouldn't the routing between VLANs be done on the switch?

When I enter the command

no access-list guestnet_access_in extended permit ip any4 any4

I lose access to the internet along with access to the private VLAN.
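Added example (not part of the thread, and not Cisco's code): a small evaluator for the subset of ASA extended-ACL syntax that appears in the posted config, run over the guestnet ACL as posted and over a hardened version. The ASA applies an interface ACL first-match, with an implicit deny at the end; once an ACL is bound to the guestnet interface (the `access-group` line is not shown above, so that binding is assumed), the security-level default no longer protects inside, and `permit ip any4 any4` lets guests reach the 100.100.10.0/23 inside network. Removing that line also removes the only permit for internet traffic, which is what the reply above reports. The hardened ACL is my assumption of the intended policy: an explicit deny for the inside /23 placed before the catch-all permit, with the previously inactive DNS permit for 100.100.10.214 made active (UDP added alongside the posted TCP line). The sample flows and the 203.0.113.10 "internet" address are constructed test inputs.

```python
"""Evaluate ASA-style extended ACLs: first matching active entry wins, implicit deny last.

Added example for this thread, not code from the original post or from Cisco. It parses
only the syntax used in the posted config: ip/tcp/udp/icmp, any4/any, host X, "addr mask",
optional "eq <port>", and a trailing "inactive" keyword.
"""
import ipaddress

# Service names that appear in the posted config, mapped to port numbers.
PORT_NAMES = {"www": 80, "https": 443, "domain": 53}

# Guestnet ACL exactly as posted in the thread (the three specific permits are inactive).
CURRENT_ACL = """
access-list guestnet_access_in extended permit tcp any4 host 100.100.10.219 eq www inactive
access-list guestnet_access_in extended permit tcp any4 host 100.100.10.219 eq https inactive
access-list guestnet_access_in extended permit tcp any4 host 100.100.10.214 eq domain inactive
access-list guestnet_access_in extended permit ip any4 any4
"""

# Assumed hardened policy: allow DNS to the internal resolver, block the rest of the
# inside /23 (mask 255.255.254.0 from the posted interface config), then allow internet.
HARDENED_ACL = """
access-list guestnet_access_in extended permit udp any4 host 100.100.10.214 eq domain
access-list guestnet_access_in extended permit tcp any4 host 100.100.10.214 eq domain
access-list guestnet_access_in extended deny ip any4 100.100.10.0 255.255.254.0
access-list guestnet_access_in extended permit ip any4 any4
"""


def _parse_addr(tokens):
    """Consume one address spec from the token list; return (network, remaining tokens)."""
    if tokens[0] in ("any4", "any"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "address netmask" form, e.g. 100.100.10.0 255.255.254.0
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def parse_acl(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT] [inactive]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 7 or tokens[0] != "access-list" or tokens[2] != "extended":
            continue
        name, action, proto = tokens[1], tokens[3], tokens[4]
        rest = tokens[5:]
        src, rest = _parse_addr(rest)
        dst, rest = _parse_addr(rest)
        port = None
        if rest and rest[0] == "eq":
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
            rest = rest[2:]
        entries.append({"name": name, "action": action, "proto": proto, "src": src,
                        "dst": dst, "port": port, "inactive": "inactive" in rest})
    return entries


def evaluate(entries, src_ip, dst_ip, proto, dst_port=None):
    """Return 'permit' or 'deny' for one flow using ASA first-match semantics."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for e in entries:
        if e["inactive"]:
            continue                                # inactive entries never match
        if e["proto"] != "ip" and e["proto"] != proto:
            continue                                # 'ip' matches every protocol
        if src not in e["src"] or dst not in e["dst"]:
            continue
        if e["port"] is not None and e["port"] != dst_port:
            continue
        return e["action"]
    return "deny"                                   # implicit deny at the end of every ASA ACL


# Constructed sample flows from a guest client (192.168.20.50): inside web server,
# inside FTP server, inside DNS, an inside host in the upper half of the /23, and the internet.
FLOWS = {
    "inside_web": ("192.168.20.50", "100.100.10.219", "tcp", 80),
    "inside_ftp": ("192.168.20.50", "100.100.10.3", "tcp", 21),
    "inside_dns": ("192.168.20.50", "100.100.10.214", "udp", 53),
    "inside_ping": ("192.168.20.50", "100.100.11.7", "icmp", None),
    "internet_https": ("192.168.20.50", "203.0.113.10", "tcp", 443),
}


def compare_policies():
    """Return {flow: (verdict under posted ACL, verdict under hardened ACL)}."""
    current, hardened = parse_acl(CURRENT_ACL), parse_acl(HARDENED_ACL)
    return {k: (evaluate(current, *f), evaluate(hardened, *f)) for k, f in FLOWS.items()}


if __name__ == "__main__":
    for flow, (before, after) in compare_policies().items():
        print(f"{flow:15s} posted={before:6s} hardened={after}")
```

The hardened version keeps the `deny` for the inside /23 ahead of `permit ip any4 any4`, so guests still reach the internet while every inside address (both halves of the /23) is blocked. It does not touch 192.168.30.0/24; if guests are not meant to reach the DMZ either, a second `deny ip any4 192.168.30.0 255.255.255.0` belongs before the catch-all as well.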

If the ASA is for internal VLAN routing then it should be doing the routing.

By the names of the interfaces in the config I suspect it's the gateway (but why does it have internal VLAN interfaces configured?)

If so then yes, the switches (3750X are Layer 3 switches) should do the internal routing,

and the ASA the external.

It seems like there is some misconfiguration.

You didn't supply much info about your network,

but see the following for a typical network;

see diagram and config:

http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41260-189.html

In the above, your ASA would replace the router.