Solved

ASA 8.0 Nnat and no nat issues

Posted on 2014-09-24
3
41 Views
Last Modified: 2015-08-25
Hi All,

Struggling a bit with an old ASA 5510 running ASA v8.0.  

This is a production box with previous confg on it. I have just added a 'guest wifi' segment to a spare port. This is to provide internet access only to people on the WiFi lan.  But, I also want to be able to manage the access point (HTTPS) from my 'inside' lan. Currently the inside lan can access the internet too. Both segments are correctly natting to the public address on my outside interface.

What config do I need to perform to allow hosts connected to 'inside' to reach the access point on 'GuestWiFi' but WITHOUT nat? I want the real ip address of the host to be logged by the AP.

I am struggling with the nat statements!

Remember, this is an old (pre v8.3) box.
Cheers
0
Comment
Question by:Tommy_Cooper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 40347609
Nat (inside,wifi) 0 <inside ip subnt> <mask>

Substitute your guest wifi interface name for wifi
0
 
LVL 3

Accepted Solution

by:
Tommy_Cooper earned 0 total points
ID: 40380326
A bit shocked at the lack of response here. EE was once a great resource. Not sure what happened!

So this response was sadly wrong.  The syntax is incorrect and the nameif inside the brackets is a single entry with no possibility of accepting multiple values. As it happens, my solution was to just add an extended ACL from my internal subnet to the AP host using the previously existing ACL for NAT 0

Thanks for the attempt though lrmoore :)
0
 
LVL 3

Author Closing Comment

by:Tommy_Cooper
ID: 40945630
Wrong answer!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ARP not working as expected 11 79
ASA RADIUS Authetication for Management Access 13 58
Cisco 4400 will not take SFP module ? SFP 10 GB module 1 89
DHCP for a new, 2nd subnet 12 61
I recently updated from an old PIX platform to the new ASA platform.  While upgrading, I was tremendously confused about how the VPN and AnyConnect licensing works.  It turns out that the ASA has 3 different VPN licensing schemes. "site-to-site" …
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question