ASA 5505: Guest VLAN Internet access

Answered Question

This is my first encounter with a Cisco product so be nice please ;)

I have the Base License for my 5505 and have currently 3 VLANs (outside, inside and guest). The inside VLAN is working as expected but I can't get my guest VLAN to access the Internet. The Packet Tracer in ADSM tells me that packets can flow from the guest VLAN to the Internet but it does not work in practice.

Can any kind soul take a peek @ my config and give me any clues?

Thanks in advance!

I have this problem too.
0 votes
Correct Answer by acomiskey about 9 years 7 months ago

Where are the dns servers?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
acomiskey Wed, 06/20/2007 - 05:25

Try...

nat (guest) 1 0.0.0.0 0.0.0.0

Please rate if it helps.

Never mind! A write mem command did the trick. Works like a charm now.

If anyone has the time:

Is a guest VLAN restricted from the inside VLAN considered a secure configuration? I mean, these networks are physically connected to each other. I guess there are ways to compromise the ASA and get access to the inside from my guest VLAN?

I have other public IP:s and could put the guests on another router as:

Internet

|

|

Switch--------ASA 5505------Inside network

|

|

Other FW-------Guest network

All suggestions are most welcome!

Actions

This Discussion