Skip to main content

wireless router on dmz of 5505 problem

More
13 years 1 month ago #37630 by rrlangly
I have a wireless Airport Extreme on Vlan3. My problem is that I can't get internet access from a wireless client which connects to the Airport which is on the DMZ. From my laptop which is connected to the Airport, I can ping the 5505. That's as far as I get.

Anyone see anything wrong here?

Code:
asa5505(config)# sh running-config : Saved : ASA Version 8.4(2) ! hostname asa5505 enable password ArKd0aXL.wihdyE3 encrypted passwd ArKd0aXL.wihdyE3 encrypted names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 switchport access vlan 3 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address dhcp setroute ! interface Vlan3 no forward interface Vlan1 nameif dmz security-level 50 ip address 192.168.2.1 255.255.255.0 ! banner motd boot system disk0:/asa842-k8.bin ftp mode passive dns domain-lookup inside dns domain-lookup outside dns server-group DefaultDNS name-server 4.2.2.2 name-server 68.87.69.146 name-server 68.87.58.98 object network obj_any subnet 0.0.0.0 0.0.0.0 access-list ACL_IN extended permit ip any any access-list WAN_IN extended permit udp any eq domain any pager lines 24 logging enable logging timestamp logging trap debugging logging asdm informational logging host inside 192.168.1.11 mtu inside 1500 mtu outside 1500 mtu dmz 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-645-206.bin no asdm history enable arp timeout 14400 ! object network obj_any nat (inside,outside) dynamic interface access-group ACL_IN out interface inside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart telnet timeout 5 ssh 192.168.1.11 255.255.255.255 inside ssh timeout 30 ssh version 2 console timeout 0 dhcpd dns 68.87.58.98 68.86.69.146 dhcpd lease 43200 ! dhcpd address 192.168.1.100-192.168.1.131 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn username userme password QHdgfaYZbd0ksu7c encrypted privilege 15 ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect ip-options ! service-policy global_policy global prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/De destination address email callhome@cisco.com destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:8297c75f00efad37ae7fd3c091267e38 : end
More
13 years 1 month ago #37634 by Chris
Rrlangly,

I was about to prepare a detailed reply to this thread, but I remembered that one of our members has created an excellent tutorial - introduction to the ASA 5500 Firewall which I believe will cover your issues.

Please visit the following link and read through it as I am sure it will provide all the necessary information to get your ASA 5505 working as required.

www.firewall.cx/forum/10-firewall-filter...5-configuration.html

If you still have issues after reading the post, let us know.

Good luck!

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.116 seconds