ASA 5505: Guest VLAN Internet access

Answered Question

This is my first encounter with a Cisco product so be nice please ;)


I have the Base License for my 5505 and have currently 3 VLANs (outside, inside and guest). The inside VLAN is working as expected but I can't get my guest VLAN to access the Internet. The Packet Tracer in ADSM tells me that packets can flow from the guest VLAN to the Internet but it does not work in practice.


Can any kind soul take a peek @ my config and give me any clues?


Thanks in advance!



Correct Answer by acomiskey about 9 years 11 months ago

Where are the dns servers?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
acomiskey Wed, 06/20/2007 - 05:25
User Badges:
  • Green, 3000 points or more

Try...


nat (guest) 1 0.0.0.0 0.0.0.0


Please rate if it helps.



Correct Answer
acomiskey Wed, 06/20/2007 - 05:32
User Badges:
  • Green, 3000 points or more

Where are the dns servers?

Never mind! A write mem command did the trick. Works like a charm now.


If anyone has the time:

Is a guest VLAN restricted from the inside VLAN considered a secure configuration? I mean, these networks are physically connected to each other. I guess there are ways to compromise the ASA and get access to the inside from my guest VLAN?


I have other public IP:s and could put the guests on another router as:


Internet

|

|

Switch--------ASA 5505------Inside network

|

|

Other FW-------Guest network


All suggestions are most welcome!

Actions

This Discussion