I currently have a Cisco ASA plugged into a single AP. This plugs into the POE port of the ASA.
the wireless point has 2 ssid's ( vlans ) 1 and 10
both side are trunked to allow the vlans.
vlan 1 is on 192.168.70.0 /24 ( production ) inisde interface
vlan 10 is on 172.16.0.0 /24 ( guest )
The Cisco ASA is acting as the DHCP server for both vlans.
we wanted people on the guest network and the production network seperate which is working good.
now we have a printer on 192.168.70.20 which the guest users will need to access.
I have tried setting up an ACL on the ASA but no luck.
Please see attached ACL list ( these are the default ) nothing has been changed.
can somone point me in the direction to get this working?
I have checked the logs when running a ping to the print from the 172.16 networkto the printer and seeing the attached NAT error
The NAT exempt is another option as well instead of the Identity NAT.
I modify the ACL to make it more restrictive but sure you can leave it with the permit IP any any (as long as you do not have ambiguity on the NAT statements u will be safe there)
If there is no other question please mark it as answered; otherwise let me know
Rate all of the helpful posts!!!
Follow me on http://laguiadelnetworking.com