Solved

ASA 8.0 Nnat and no nat issues

Posted on 2014-09-24
3
36 Views
Last Modified: 2015-08-25
Hi All,

Struggling a bit with an old ASA 5510 running ASA v8.0.  

This is a production box with previous confg on it. I have just added a 'guest wifi' segment to a spare port. This is to provide internet access only to people on the WiFi lan.  But, I also want to be able to manage the access point (HTTPS) from my 'inside' lan. Currently the inside lan can access the internet too. Both segments are correctly natting to the public address on my outside interface.

What config do I need to perform to allow hosts connected to 'inside' to reach the access point on 'GuestWiFi' but WITHOUT nat? I want the real ip address of the host to be logged by the AP.

I am struggling with the nat statements!

Remember, this is an old (pre v8.3) box.
Cheers
0
Comment
Question by:Tommy_Cooper
  • 2
3 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 40347609
Nat (inside,wifi) 0 <inside ip subnt> <mask>

Substitute your guest wifi interface name for wifi
0
 
LVL 3

Accepted Solution

by:
Tommy_Cooper earned 0 total points
ID: 40380326
A bit shocked at the lack of response here. EE was once a great resource. Not sure what happened!

So this response was sadly wrong.  The syntax is incorrect and the nameif inside the brackets is a single entry with no possibility of accepting multiple values. As it happens, my solution was to just add an extended ACL from my internal subnet to the AP host using the previously existing ACL for NAT 0

Thanks for the attempt though lrmoore :)
0
 
LVL 3

Author Closing Comment

by:Tommy_Cooper
ID: 40945630
Wrong answer!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question