Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Access issue with guest wireless and ASA


I have a guest wireless subnet that's only allowed access to the outside world and that's it. A problem came up today that required a user in the company to be able to get to a hosted server on the LAN. A static nat exists for everyone on the outside to get to the server, so the thought was that they would connect to the guest wireless and then get to the hosted server via public address. This didn't work, but I think it's because the traffic is going through the ASA as natted, and then coming back out again making it look like the packet is being spoofed. Is that correct, and is there a way around it?



HTH, John *** Please rate all useful posts ***
Cisco Employee

Re: Access issue with guest wireless and ASA


There's a hundred of way this could have failed depending on configuration ...

Easiest way to check - enable logging on informational level, run a test check "show logg | i IP_ADDR_OF_SOURCE_OR_DESTINATION"

My GUESS it will be something related to translations or acls ...

You can create a static translation from LAN to wifi interface with public IP address.

Elegant solutions include

- IPsec VPN to access LAN resources from wifi

- DNS rewrite via "dns" keyword on static.

New Member

Re: Access issue with guest wireless and ASA

You may be able to get this to work using hairpining.  I did something similar recently and though it's a little tricky, it's not impossible.  Take a look at this: