How to allow Internet Access to Second Network

We are deploying ASA 5505 to home users who currently have an Internet connection along with a wireless router (not provided by us). I am looking for a way to VLAN a port on the ASA and provide Internet to the wireless device. I have the basic license.
ASA Version 8.0(3) 
!
hostname caurog-ASA1
domain-name altus.local
enable password 2hjkEuGBa9oJjIHZ encrypted
names
name 192.168.7.0 NMKT_DATA
name 10.0.7.0 NMKT_VOICE
name 10.0.16.0 ETOB_VOICE
name 207.164.136.0 NMKT_OUTSIDE
name 192.168.123.0 Wireless
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.250.9 255.255.255.248 
!
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute 
!
interface Vlan12
 no forward interface Vlan1
 nameif home  
 security-level 50
 ip address 172.16.1.1 255.255.255.0 
!             
interface Ethernet0/0
 switchport access vlan 2
!             
interface Ethernet0/1
 switchport access vlan 12
!             
interface Ethernet0/2
!             
interface Ethernet0/3
!             
interface Ethernet0/4
!             
interface Ethernet0/5
!             
interface Ethernet0/6
!             
interface Ethernet0/7
!             
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone est 5
dns server-group DefaultDNS
 name-server 4.2.2.2
 domain-name altus.local
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list _vpnc_no_nat_acl extended permit ip any 192.168.0.0 255.255.0.0 
access-list _vpnc_no_nat_acl extended permit ip any 10.0.0.0 255.255.0.0 
access-list 100 extended permit icmp any any echo-reply 
access-list 100 extended permit icmp any any source-quench 
access-list 100 extended permit icmp any any unreachable 
access-list 100 extended permit icmp any any time-exceeded 
access-list home_nat_outbound extended permit ip Wireless 255.255.255.0 any 
access-list outside_access_in extended permit ip any 172.16.1.0 255.255.255.0 
pager lines 24
logging enable
logging console emergencies
logging monitor emergencies
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu home 1500 
icmp unreachable rate-limit 1 burst-size 1
icmp permit any traceroute inside
icmp permit any traceroute outside
asdm image disk0:/asdm-611.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 124.185.216.129 255.255.255.255 outside
http NMKT_DATA 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
http 192.168.250.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet 192.168.250.0 255.255.255.0 inside
telnet 192.168.7.32 255.255.255.248 inside
telnet 10.1.0.0 255.255.255.0 outside
telnet timeout 5
ssh scopy enable
ssh 192.168.250.0 255.255.255.0 inside
ssh 192.168.7.32 255.255.255.248 inside
ssh 10.1.0.0 255.255.255.0 outside
ssh timeout 5 
console timeout 0
management-access inside
dhcpd auto_config outside
!             
dhcpd address 192.168.250.10-192.168.250.14 inside
dhcpd enable inside
!             
dhcpd address 172.16.1.2-172.16.1.2 home
dhcpd dns 4.2.2.2 4.2.2.3 interface home
dhcpd option 3 ip 172.16.1.1 interface home
dhcpd enable home
!             
vpnclient server 100.100.100.100
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup RemoteASAUsers password ********
vpnclient username caurog password ********
vpnclient management tunnel NMKT_DATA 255.255.255.0
vpnclient enable
threat-detection basic-threat
threat-detection statistics access-list
username caurog password OOoBaeO.IwHGNokO encrypted
username monit password FOD079G5n9CjnitT encrypted
username altusadmin password ZuM0kD/QGQyKa2Je encrypted
!             
class-map inspection_default
 match default-inspection-traffic
!             
!             
policy-map type inspect dns preset_dns_map
 parameters   
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
!             
service-policy global_policy global
prompt hostname context 
Cryptochecksum:6a22c6a15e5cff9e25a85ef9e9284a22
: end


altusadmin2 Asked:

atyar Commented:
If I'm understanding your question correctly, you're on the right track.
1) You need a VLAN interface on the same 'network' as your wireless. From your network names at the top of the config, it looks like the wireless devices are on the 192.168.123.0 network (presumably subnet mask 255.255.255.0). If you're using an external wireless router connected to the PIX, give the 'outside/internet' interface on the router an address like 192.168.250.10 255.255.255.248, with a gateway of 192.168.250.9.

2) Configure an access-list to allow/restrict the traffic from the wireless router as you see fit, and apply it inbound on that VLAN interface in 1).

That should do it....
altusadmin2 Author Commented:
I had missed a dynamic NAT for the Home to Outside.
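The accepted fix above was a missing dynamic NAT for the `home` interface. The following is an added example, not code from the thread: a small Python check that reads a pre-8.3 ASA configuration and lists named interfaces that have no `nat` rule whose ID pairs with a `global` on a lower-security interface. The sample input is an excerpt constructed from the configuration in the question, and the function names are hypothetical.

```python
import re

# Excerpt constructed from the configuration in the question (pre-8.3 NAT syntax).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan12
 no forward interface Vlan1
 nameif home
 security-level 50
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
"""

def parse_asa(config):
    """Return ({nameif: security_level}, global pairs, nat pairs) as (nameif, nat_id)."""
    levels, globals_, nats = {}, set(), set()
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = None  # new interface block; wait for its nameif
        elif m := re.match(r"nameif (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and current:
            levels[current] = int(m.group(1))
        elif m := re.match(r"(global|nat) \((\S+)\) (\d+)\b", line):
            target = globals_ if m.group(1) == "global" else nats
            target.add((m.group(2), int(m.group(3))))
    return levels, globals_, nats

def interfaces_missing_dynamic_nat(config):
    """Named interfaces with no nat ID that pairs with a global on a lower-security interface."""
    levels, globals_, nats = parse_asa(config)
    missing = []
    for name, level in levels.items():
        lower = {n for n, lvl in levels.items() if lvl < level}
        paired = any(src == name and (dst, nat_id) in globals_
                     for src, nat_id in nats for dst in lower)
        if lower and not paired:  # the lowest-security interface needs no outbound NAT
            missing.append(name)
    return sorted(missing)

if __name__ == "__main__":
    print(interfaces_missing_dynamic_nat(SAMPLE_CONFIG))
```

Appending a line such as `nat (home) 1 172.16.1.0 255.255.255.0` to the sample clears the finding; that command is an assumption in pre-8.3 syntax, since the thread does not show the exact statement the author added.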