Access issue with guest wireless and ASA

Jun 28th, 2010


I have a guest wireless subnet that's only allowed access to the outside world and that's it. A problem came up today that required a user in the company to be able to get to a hosted server on the LAN. A static NAT exists for everyone on the outside to get to the server, so the thought was that they would connect to the guest wireless and then get to the hosted server via its public address. This didn't work, but I think it's because the traffic is going through the ASA as NATed, and then coming back out again, making it look like the packet is being spoofed. Is that correct, and is there a way around it?



Marcin Latosiewicz (Cisco Employee), Mon, 06/28/2010 - 08:53


There are a hundred ways this could have failed, depending on configuration ...

Easiest way to check - enable logging at informational level, run a test, then check "show logg | i IP_ADDR_OF_SOURCE_OR_DESTINATION"

My GUESS is it will be something related to translations or ACLs ...

You can create a static translation from LAN to wifi interface with public IP address.

Elegant solutions include

- IPsec VPN to access LAN resources from wifi

- DNS rewrite via "dns" keyword on static.
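
The logging check and the LAN-to-wifi static translation suggested in the reply above, as an added example that is not part of the original thread. It assumes pre-8.3 ASA syntax (the `static` command the reply refers to); the interface names, addresses, ACL name and port are all hypothetical.

```cisco
! Added example, not from the thread. Assumed values:
!   interfaces : inside (LAN), guest (guest wireless), outside
!   server     : real 10.1.1.10, public 203.0.113.10 (documentation range)
!   guest net  : 192.168.50.0/24, guest interface ACL named guest_in
!   service    : tcp/443

! --- 1. Diagnose (config mode, then exec mode) ---
! Buffer syslog at informational level, reproduce the failed connection,
! then filter the buffer on the address under test.
logging enable
logging buffered informational
show logging | include 203.0.113.10

! --- 2. Existing translation used by outside clients (for context) ---
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! --- 3. Present the same public address on the guest interface ---
! Guest clients keep using the public IP; the ASA translates it to the
! real server address between the guest and inside interfaces.
static (inside,guest) 203.0.113.10 10.1.1.10 netmask 255.255.255.255

! --- 4. Permit only the published service from the guest subnet ---
! Pre-8.3 interface ACLs match the mapped (public) address. Insert the
! entry ahead of the rule that blocks guest-to-LAN traffic, and keep it
! to the single host and port so the guest isolation otherwise holds.
access-list guest_in line 1 extended permit tcp 192.168.50.0 255.255.255.0 host 203.0.113.10 eq 443
```

After the change, rerun the `show logging` filter to confirm the connection is built rather than denied.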

