Ciso ASA 7.2 DMZ nat

Hi Have  to set up wifi on the DMZ  but the  WiFi people  want odd config.

2 Interfaces on the Firewall
  WIFI_data  - 10.90.1.1/24   SL is 50
   WIFI_Mngt  10.90.1.0/24  SL is 100

WHen traffic hits my firewall I  get  so I cant get to the internet. Can someone help debug my config so that the  WAPs can get to the internet ?

"Dec 09 2015      06:16:36      305005      8.8.8.8             No translation group found for udp src WIFI-Mgmt:10.98.1.11/61801 dst outside2:8.8.8.8/53"


ebsc-ig1# sh run
: Saved
:
ASA Version 7.2(2)
!
hostname ebsc-ig1
domain-name xxx.com
enable password DGerT0.3WeQP2akB encrypted
names
name 10.96.1.103 Sonicwall description Sonicwall emote access
name xxx.xx..59.202 External-ip description External IP
name xxx.xx.59.203 Sonicwall-External description Sonicwall External
!
interface GigabitEthernet0/0
 description ISP Interface
 shutdown
 nameif outside
 security-level 0
 ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet0/1
 description LAN Interface
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
 description main ISP outside2
 nameif outside2
 security-level 0
 ip address External-ip 255.255.255.248
!
interface GigabitEthernet0/3
 nameif WIFI-Mgmt
 security-level 50
 ip address 10.98.1.254 255.255.255.0
!
interface GigabitEthernet0/3.90
 description WIFI_Data Traffic
 vlan 90
 nameif WIFI_Data
 security-level 100
 ip address 10.90.1.254 255.255.255.0
!
interface Management0/0
 description managment inside
 shutdown
 no nameif
 no security-level
 no ip address
!            
passwd DGerT0.3WeQP2akB encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name xxx.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network Network_list1
 network-object 10.96.1.0 255.255.255.0
 network-object 10.94.1.0 255.255.255.0
 network-object 10.99.1.0 255.255.255.0
 network-object 10.97.1.0 255.255.255.0
 network-object 10.98.1.0 255.255.255.0
 network-object 10.93.1.0 255.255.255.0
 network-object 10.95.1.0 255.255.255.0
object-group network WIFI_WAP_Data
 description WIFI_WAP_Data
 network-object 10.90.1.0 255.255.255.0
 network-object 10.98.1.0 255.255.255.0
access-list outside extended permit tcp any any eq ssh
access-list ACL-ALL extended permit ip object-group Network_list1 any
access-list inside_in extended permit tcp any any log
access-list inside_in extended permit ip any any log
access-list inside_in extended permit icmp any any log
access-list ACL_OUTSIDE2 extended permit icmp any any
access-list ACL_OUTSIDE2 extended permit ip any any log
access-list WIFI-Mgmt_access_in extended permit icmp 10.98.1.0 255.255.255.0 any echo
access-list WIFI-Mgmt_access_in extended permit udp 10.98.1.0 255.255.255.0 any
access-list WIFI-Mgmt_access_in extended permit tcp any any
access-list WIFI-Mgmt_access_in extended permit udp any any
access-list WIFI_Mgnt_access_out extended permit ip any any
access-list WIFI_Mgnt_access_out extended permit tcp any any
access-list WIFI_Mgnt_access_in extended permit ip any any
access-list WIFI_Mgnt_access_in extended permit tcp any any
access-list WIFI_Mgnt_access_in extended permit udp any any
access-list WIFI_Data_access_in extended permit tcp any any
access-list WIFI_Data_access_in extended permit udp any any
access-list WIFI_Data_access_in extended permit udp 10.90.1.0 255.255.255.0 any
pager lines 24
logging enable
logging trap informational
logging asdm informational
logging device-id hostname
logging host inside 10.95.1.2
mtu outside 1500
mtu inside 1500
mtu outside2 1500
mtu WIFI-Mgmt 1500
mtu WIFI_Data 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside2) 20 interface
nat (inside) 20 10.0.0.0 255.0.0.0
static (inside,outside2) tcp Sonicwall-External www Sonicwall www netmask 255.255.255.255
static (inside,outside2) tcp Sonicwall-External https Sonicwall https netmask 255.255.255.255
static (outside2,inside) tcp Sonicwall www External-ip www netmask 255.255.255.255
static (outside2,inside) Sonicwall Sonicwall-External netmask 255.255.255.255
access-group inside_in in interface inside
access-group ACL_OUTSIDE2 in interface outside2
access-group WIFI-Mgmt_access_in in interface WIFI-Mgmt
access-group WIFI_Data_access_in in interface WIFI_Data
route inside 10.96.1.0 255.255.255.0 10.1.1.254 1
route inside 10.95.1.0 255.255.255.0 10.1.1.254 1
route inside 10.94.1.0 255.255.255.0 10.1.1.254 1
route inside 10.99.1.0 255.255.255.0 10.1.1.254 1
route inside 10.97.1.0 255.255.255.0 10.1.1.254 1
route inside 10.93.1.0 255.255.255.0 10.1.1.254 1
route outside2 0.0.0.0 0.0.0.0 89.197.59.201 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username admin password VMjKUVR42fvN0IE1 encrypted
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.95.1.0 255.255.255.0 inside
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh 10.1.1.0 255.255.255.0 inside
ssh 10.96.1.0 255.255.255.0 inside
ssh 10.95.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
!
!
!            
policy-map Global_policy
!
prompt hostname context
Cryptochecksum:e439bcd91fe2a64db255e349452e657b
: end
thombieAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

asavenerCommented:
Add this line:

nat (WIFI-Mgmt) 20 10.98.0.0 255.255.255.0

and possibly this one:

nat (WIFI_Data) 20 10.90.0.0 255.255.255.0
thombieAuthor Commented:
THanks,  I have the same issue the logs are saying
3      Dec 09 2015      09:46:33      305005      185.17.255.164             No translation group found for udp src WIFI-Mgmt:10.98.1.10/43538 dst outside2:185.17.255.164/7351
asavenerCommented:
run "clear xlate".
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

thombieAuthor Commented:
same problem
asavenerCommented:
Whoops.  I messed up the subnets:

clear xlate
no nat (WIFI-Mgmt) 20 10.98.0.0 255.255.255.0
no nat (WIFI_Data) 20 10.90.0.0 255.255.255.0

nat (WIFI-Mgmt) 20 10.98.1.0 255.255.255.0
nat (WIFI_Data) 20 10.90.1.0 255.255.255.0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
thombieAuthor Commented:
Perfect thanks that works
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.