How to allow Internet Access to Second Network

We are deploying ASA 5505 to home users who currently have a Internet connection along with a wireless router(not provided by us)  I looking for a way to VLAN a port on the ASA and provide Internet to the Wireless device.  I have the basic license.
ASA Version 8.0(3) 
hostname caurog-ASA1
domain-name altus.local
enable password 2hjkEuGBa9oJjIHZ encrypted
name Wireless
interface Vlan1
 nameif inside
 security-level 100
 ip address 
interface Vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute 
interface Vlan12
 no forward interface Vlan1
 nameif home  
 security-level 50
 ip address 
interface Ethernet0/0
 switchport access vlan 2
interface Ethernet0/1
 switchport access vlan 12
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone est 5
dns server-group DefaultDNS
 domain-name altus.local
same-security-traffic permit intra-interface
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list _vpnc_no_nat_acl extended permit ip any 
access-list _vpnc_no_nat_acl extended permit ip any 
access-list 100 extended permit icmp any any echo-reply 
access-list 100 extended permit icmp any any source-quench 
access-list 100 extended permit icmp any any unreachable 
access-list 100 extended permit icmp any any time-exceeded 
access-list home_nat_outbound extended permit ip Wireless any 
access-list outside_access_in extended permit ip any 
pager lines 24
logging enable
logging console emergencies
logging monitor emergencies
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu home 1500 
icmp unreachable rate-limit 1 burst-size 1
icmp permit any traceroute inside
icmp permit any traceroute outside
asdm image disk0:/asdm-611.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http outside
http NMKT_DATA inside
http inside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet inside
telnet inside
telnet outside
telnet timeout 5
ssh scopy enable
ssh inside
ssh inside
ssh outside
ssh timeout 5 
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd address inside
dhcpd enable inside
dhcpd address home
dhcpd dns interface home
dhcpd option 3 ip interface home
dhcpd enable home
vpnclient server
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup RemoteASAUsers password ********
vpnclient username caurog password ********
vpnclient management tunnel NMKT_DATA
vpnclient enable
threat-detection basic-threat
threat-detection statistics access-list
username caurog password OOoBaeO.IwHGNokO encrypted
username monit password FOD079G5n9CjnitT encrypted
username altusadmin password ZuM0kD/QGQyKa2Je encrypted
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
service-policy global_policy global
prompt hostname context 
: end

Open in new window

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If I'm understanding your question correctly, you're on the right track.
1)You need a vlan interface on the same 'network' as your wireless.  From your network names at the top of the config, it looks like the wireless devices are on the network (presumably subnet mask  If you're using an external wireless router connected to the pix, give the 'outside/internet' interface on the router an address on an address like, with a gateway of

2)Configure an access-list to allow/restrict the traffic from the wireless router as you see fit, and apply it inbound on that vlan interface in 1).

That should do it....
altusadmin2Author Commented:
I had missed a dynamic NAT for the Home to Outside

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.