Solved: Thanks Sebastian!! I will try

fofanah78 · ‎09-30-2016

I’m looking for a solution to have my wireless clients on Location 2 with internet only access, but at the same time my AP can pull a DHCP address from my internal server. Location 2 internet access is thru Location 1 ASA. I will really appreciate your help.

Location 1 WLC 2504 is connected to ASA and Core 3650

Location 2 WLC 2504 connected to a Core 3650 no ASA firewall.

Sebastian Helmer · ‎09-30-2016

I would use an ssid in central switch mode so no flex connect enabled for that ssid. Create an anchor between both wlcs so that traffic for that ssid from location without the asa will forward traffic to wlc with asa, wlc "internal" and on that wlc create an interface in a vlan that is connected to your asa where u apply the proper rules.

View solution in original post

Sebastian Helmer · ‎09-30-2016

I would use an ssid in central switch mode so no flex connect enabled for that ssid. Create an anchor between both wlcs so that traffic for that ssid from location without the asa will forward traffic to wlc with asa, wlc "internal" and on that wlc create an interface in a vlan that is connected to your asa where u apply the proper rules.

fofanah78 · ‎10-03-2016

Thanks Sebastian!! I will try this and let you know.

fofanah78 · ‎10-07-2016

Sebastian your are awesome!! Thank you!!

Configuring VLan for Internet Only Traffic