Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1713
Views
5
Helpful
4
Replies

ASA 5505: Guest VLAN Internet access

Go to solution
jsd
Level 1
Level 1

‎06-20-2007 05:22 AM - edited ‎03-05-2019 04:51 PM

This is my first encounter with a Cisco product so be nice please ;)

I have the Base License for my 5505 and have currently 3 VLANs (outside, inside and guest). The inside VLAN is working as expected but I can't get my guest VLAN to access the Internet. The Packet Tracer in ADSM tells me that packets can flow from the guest VLAN to the Internet but it does not work in practice.

Can any kind soul take a peek @ my config and give me any clues?

Thanks in advance!

Labels:
Preview file
6 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
acomiskey
Level 10
Level 10
In response to jsd

‎06-20-2007 05:32 AM

Where are the dns servers?

View solution in original post

0 Helpful
4 Replies 4

Go to solution
acomiskey
Level 10
Level 10

‎06-20-2007 05:25 AM

Try...

nat (guest) 1 0.0.0.0 0.0.0.0

Please rate if it helps.

Go to solution
jsd
Level 1
Level 1
In response to acomiskey

‎06-20-2007 05:31 AM

Perfect! Now it's possible to browse the web by IP. DNS-resolution gets stuck in the ASA though so browsing to www.cisco.com fails. Any hints on that?

0 Helpful

Go to solution
acomiskey
Level 10
Level 10
In response to jsd

‎06-20-2007 05:32 AM

Where are the dns servers?

0 Helpful

Go to solution
jsd
Level 1
Level 1
In response to acomiskey

‎06-20-2007 05:39 AM

Never mind! A write mem command did the trick. Works like a charm now.

If anyone has the time:

Is a guest VLAN restricted from the inside VLAN considered a secure configuration? I mean, these networks are physically connected to each other. I guess there are ways to compromise the ASA and get access to the inside from my guest VLAN?

I have other public IP:s and could put the guests on another router as:

Internet

|

|

Switch--------ASA 5505------Inside network

|

|

Other FW-------Guest network

All suggestions are most welcome!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card