Wireless to Trust Interface on ASA5510

Hi:

My ASA E0 is untrust, E1 is Trust and E2 is Wireless. I can connect to the Internet through my wireless, but I cannot connect to my internal Trust network, which includes any web server, any domain or even my mail server.

access-list 101 extended permit tcp any host xx.xxx.xxx.xxx eq www

access-list 101 extended permit tcp any host xx.xxx.xxx.xxx eq www

global (Untrust) 1 interface

nat (Trust) 0 access-list Trust_nat0_outbound

nat (Trust) 1 0.0.0.0 0.0.0.0

nat (Wireless) 1 0.0.0.0 0.0.0.0

static (Trust,Untrust) xx.xxx.xxx.xxx 192.168.1.231 netmask 255.255.255.255 dns

static (Trust,Untrust) xx.xxx.xxx.xxx 192.168.1.230 netmask 255.255.255.255 dns

access-group 101 in interface Untrust

I have a little idea how to do it but not sure.

Do I need access-list acl_in to permit tcp host on 192.168.1.x eq www?

and then assign acl_in on Trust

or is there any other solution?

Thanks.

Rajiv

1 REPLY

Re: Wireless to Trust Interface on ASA5510

Hi. For access from the Internet to internal hosts you need a static NAT and an access-list allowing that traffic:

access-list 101 extended permit tcp any host xx.xxx.xxx.xxx eq www

access-group 101 in interface Untrust

static (Trust,Untrust) xx.xxx.xxx.xxx 192.168.1.231 netmask 255.255.255.255 dns

For allowing access from trust to outside you need a combination of global and nat, and you can create an access-list for controlling the traffic:

access-list Trust-Outside extended permit ip any any

access-group Trust-Outside in interface trust

nat (trust) 10 0 0

global (untrust) 10 interface

To allow access to Internet from the wireless zone you have done it already.

To allow access between wireless and trust you can use static nat and an access-list to control traffic:

static (trust,wireless) x.x.x.0 x.x.x.0 netmask 255.255.255.0

where x.x.x.0 is the range of the trust segment

access-list wireless extended permit ip any any

access-group wireless in interface wireless

I hope it helps .. please rate it if it does !!!!
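
Added example, not part of the original thread and not Cisco code: a small first-match evaluator for the `access-list` line format used above, comparing the reply's `permit ip any any` on the wireless interface with a tighter variant. The tightened ACL, the wireless client 192.168.2.50, the Trust host 192.168.1.10 and the Internet host 203.0.113.10 are assumptions made for illustration; only the 192.168.1.230/231 servers come from the thread.

```python
import ipaddress

# ACL from the reply: any wireless host may reach any address on any port.
REPLY_ACL = "access-list wireless extended permit ip any any"
# Tightened variant (assumption, not from the thread): web only to the two
# Trust servers, nothing else into 192.168.1.0/24, Internet still allowed.
TIGHT_ACL = """\
access-list wireless extended permit tcp any host 192.168.1.231 eq www
access-list wireless extended permit tcp any host 192.168.1.230 eq www
access-list wireless extended deny ip any 192.168.1.0 255.255.255.0
access-list wireless extended permit ip any any"""
PORTS = {"www": 80, "smtp": 25, "domain": 53}  # ASA port keywords used here

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'NET MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(acl_text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq PORT]' lines."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        action, proto = tok[3], tok[4]
        src, rest = _addr(tok[5:])
        dst, rest = _addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def decide(rules, proto, src, dst, dport):
    """First matching entry wins; no match means the implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and s in r_src and d in r_dst
                and r_port in (None, dport)):
            return action
    return "deny"

# Constructed flows from a hypothetical wireless client 192.168.2.50.
FLOWS = [("tcp", "192.168.2.50", "192.168.1.231", 80),   # Trust web server
         ("tcp", "192.168.2.50", "192.168.1.10", 445),    # other Trust host
         ("tcp", "192.168.2.50", "203.0.113.10", 443)]    # Internet host
if __name__ == "__main__":
    for name, acl in (("reply", REPLY_ACL), ("tight", TIGHT_ACL)):
        print(name, [decide(parse(acl), *f) for f in FLOWS])
```

The final `permit ip any any` in the tightened list matters: once an ACL is bound inbound on the wireless interface, anything it does not permit hits the implicit deny, including the Internet traffic that worked before.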
