dissolved

WAP doesn't work behind Pix

Don't know what it is, but when my Belkin WAP is connected behind my PIX 506e, it does not work. My wireless clients can ping the WAP and that's it. They can't get out any further. All other wired clients work fine.

Any ideas?
Cyclops3590

Is it a WAP router? Are you connecting the WAP WAN port to the PIX?
dissolved

ASKER

WAP is just a WAP. Connecting to inside int of PIX.

What's the model of the WAP?

F5D8233-4-v1(01A)
It is a wireless router, but I have the button checked where it's enabled as an access point only.

Did you connect the modem port to the PIX? According to the docs, setting AP only mode disables NAT'ing and the DHCP server. Only other thing it really said was connect the modem port to the network.

If that doesn't work, then I'd swap out the AP to PIX cable. Maybe try a crossover as well (assuming you are currently using a straight-thru). Beyond that I'm kinda stumped.

Btw, the wireless people do get an IP from your DHCP server, same as rest of wired hosts, correct?

Sorry for delayed response. All clients are hardcoded; they don't get IPs from DHCP.

I am not connecting the modem port to the PIX, I'm connecting it to the internal ports; maybe that's the issue.
Here is what's going on:

The WAP is connected from its modem port to my PIX (interfacing in a switch actually).

The wired clients can communicate with the wireless clients, vice versa. All protocols seem to work.

The wireless clients cannot ping the PIX; the wired clients can. Both wired and wireless are in the 192.168.3.0/24 subnet.

sh run
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet1 vlan2 logical
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif vlan2 dmz security50
enable password uCC7HvYx68qN0nG5 encrypted
passwd TWxhtD9jxzEIi1Fx encrypted
hostname fwall
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list ipsec permit ip 192.168.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list ipsec permit ip 192.168.3.0 255.255.255.0 172.16.10.0 255.255.255.0
access-list ipsec permit ip 192.168.3.0 255.255.255.0 172.16.101.0 255.255.255.0
access-list nonat permit ip 192.168.3.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list nonat permit ip 192.168.3.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list nonat permit ip 192.168.3.0 255.255.255.0 172.16.10.0 255.255.255.0
access-list nonat permit ip 192.168.3.0 255.255.255.0 172.16.101.0 255.255.255.0
access-list outside-to-inside permit icmp any any
access-list outside-to-inside permit tcp any interface outside eq 9090
access-list outside-to-inside permit tcp any interface outside eq www
access-list split_tunnel_acl permit ip 192.168.3.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list dmz permit icmp any any echo-reply
pager lines 24
logging on
logging timestamp
logging buffered informational
logging history informational
mtu outside 1500
mtu inside 1500
ip address outside dhcp setroute
ip address inside 192.168.3.1 255.255.255.0
ip address dmz 192.168.4.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn-pool 192.168.50.10-192.168.50.13 mask 255.255.255.0
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.3.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 192.168.4.0 255.255.255.0 0 0
static (inside,outside) tcp interface www 192.168.3.130 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 9090 192.168.3.131 9090 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.3.0 192.168.3.0 netmask 255.255.255.0 0 0
access-group outside-to-inside in interface outside
access-group dmz in interface dmz
route outside 0.0.0.0 0.0.0.0 71.200.32.1 1
route outside 172.16.0.0 255.255.0.0 71.200.32.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set aesmap esp-aes-256 esp-md5-hmac
crypto ipsec transform-set aes128 esp-aes esp-md5-hmac
crypto dynamic-map vpn 65535 set transform-set aesmap
crypto dynamic-map vpn 65535 set security-association lifetime seconds 84600 kilobytes 4608000
crypto map mymap 88 ipsec-isakmp
crypto map mymap 88 match address ipsec
crypto map mymap 88 set peer 75.150.145.225
crypto map mymap 88 set transform-set aesmap
crypto map mymap interface outside
crypto map vpn 65535 ipsec-isakmp dynamic vpn
crypto map vpn client configuration address initiate
crypto map vpn client authentication LOCAL
isakmp enable outside
isakmp key ******** address 75.140.145.225 netmask 255.255.255.255 no-xauth no-config-mode
isakmp nat-traversal 20
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption aes-256
isakmp policy 50 hash sha
isakmp policy 50 group 2
isakmp policy 50 lifetime 86400
vpngroup family address-pool vpn-pool
vpngroup family split-tunnel split_tunnel_acl
vpngroup family idle-time 14400
vpngroup family password ********
vpngroup password idle-time 1800
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.3.0 255.255.255.0 inside
ssh timeout 60
management-access inside
console timeout 0
terminal width 80
Cryptochecksum:f67d225477275bbdfcb8447d483b88b2
: end
fwall#

ASKER CERTIFIED SOLUTION
Cyclops3590
This solution is only available to members.
Wired clients work perfectly. I'm beginning to think it's this WAP.