New Member

Cross interface traffic ASA5505

My brain is not working this morning.

I have an ASA-5505, interfaces as follows -

Outside interface:

  • WAN/Internet
  • Security Level 0
  • vlan3

Inside interface:

  • 10.10.10.0/24
  • Security Level 100
  • vlan1

Guest Wi-Fi interface:

  • 192.168.168.0/24
  • Security Level 90
  • vlan 23

I have an Exchange server on the 10.10.10.0 network.  I need to be able to allow ActiveSync and OWA from the Guest WiFi through to the Exchange server on the 10.10.10.0 network.  The Guest Wi-Fi uses external DNS so traffic is going out to the Internet and getting an IP address which is of course assigned to the Outside interface and trying to come back in on that interface.

How do I make this do what I need?  How do I set up the rules to allow this traffic?

Thanks!

2 REPLIES


You need to:-

1) Allow the traffic from the Guest-WIFI interface to the Inside interface via an ACL

2) Configure the nat-exemption for this traffic flow

HTH

New Member


I think what's got me here is the nat-exemption.  Do I want static NAT?  Something like:

      nat (WiFi,inside) 4 source static any any destination static obj-10.10.10.209 obj-10.10.10.209
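The two steps from the first reply (ACL plus NAT exemption), written out as an added configuration example that is not from either poster. It assumes ASA 8.3+ syntax, the interface names `WiFi` and `inside` and the object `obj-10.10.10.209` from the post above, and that 10.10.10.209 is the Exchange server; `obj-guest-wifi` and `GUEST_IN` are hypothetical names.

```cisco
! Added example. Assumptions: ASA 8.3+; nameifs "WiFi" and "inside" and
! obj-10.10.10.209 as used in the thread; 10.10.10.209 is the Exchange server.
! obj-guest-wifi and GUEST_IN are hypothetical names chosen for illustration.
object network obj-10.10.10.209
 host 10.10.10.209
object network obj-guest-wifi
 subnet 192.168.168.0 255.255.255.0
!
! Step 1: ACL on the guest interface.
! ActiveSync and OWA both run over HTTPS, so only tcp/443 to the Exchange
! host is opened; everything else toward the inside subnet stays blocked.
access-list GUEST_IN extended permit tcp object obj-guest-wifi object obj-10.10.10.209 eq https
access-list GUEST_IN extended deny ip any 10.10.10.0 255.255.255.0
! An applied ACL replaces the security-level default, so Internet-bound
! guest traffic has to be permitted explicitly after the deny.
access-list GUEST_IN extended permit ip object obj-guest-wifi any
access-group GUEST_IN in interface WiFi
!
! Step 2: NAT exemption (identity NAT) for the guest -> Exchange flow only,
! scoped to the guest subnet instead of "any any".
nat (WiFi,inside) source static obj-guest-wifi obj-guest-wifi destination static obj-10.10.10.209 obj-10.10.10.209
```

This covers only the two steps named in the reply. Guest clients that resolve the server through external DNS still receive the outside address, which this configuration does not change.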
