Wireless guest have no connectivity in the DMZ
Hi,
I am deploying a new wireless setup with two 2504 controllers, one for the corporate ssid and one for guest segment.
The anchor controller used for web-authentication has 1 leg in the inside network (10.x.x.x) and 1 leg in the dmz 192.168.100.x (to ASA 5515 v9.0) on the 192.168.100.0 /24 range.
The ASA has internal and external context.
The Mobility tunnel is up.
The ASA is doing DHCP, and the hosts receive IP addresses and (public) DNS 173.194.67.94.
Problem is the hosts cannot do DNS lookup and thus no redirection to the web-portal.
The ASA shows no denies. When I ping the DNS from the Anchor controller, I see the following.
Jul 11 2013 07:44:17: %ASA-6-302020: Built outbound ICMP connection for faddr 173.194.67.94/0 gaddr 10.101.114.172/815 laddr 10.101.114.172/815
Jul 11 2013 07:44:19: %ASA-6-302021: Teardown ICMP connection for faddr 173.194.67.94/0 gaddr 10.101.114.172/815 laddr 10.101.114.172/815
A packet sniffer shows that hosts connected send DNS requests and never get anything back.
How should approach this issue from here?
Hi,
after some changes, the WLC can now reach the public DNS server.
However, the hosts cannot do anything. (no nslookup, no ping)
I removed web-authentication from the WLAN config to simplify troubleshooting, but even so, the result is the same.
Host receives IP address and DNS server.
When I do a packet tracer on the outside context, from the guest (wifi) segment to the DNS, I see the packet is dropped.
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
my config is:
object network Guest_wireless
subnet 192.168.100.0 255.255.255.0
access-list GUEST extended permit ip object Guest_wireless any
access-list GUEST extended permit icmp object Guest_wireless any
access-group GUEST in interface Guest_wireless
interface GigabitEthernet0/3.2
nameif Guest_wireless
security-level 40
ip address 192.168.100.254 255.255.255.0 standby 192.168.100.253
object network Guest_wireless
nat (dmz,outside) dynamic "public ip"
Thanks
Similar Messages
-
I would like to connect my Ipad 2 wirelessly via 3G with a wireless rooter. The Ipad does not have a slot for a card, so it will have to connect to the rooter via bluetooth. Is this possible? If so, where can I buy such a rooter? Many thanks! Ina
I'm not really understanding what you want. You mention all 3 types of connections: wireless, 3G and bluetooth, but I'm not clear on what you want to do. What the router is supposed to do, and why do you think it would need to connect via bluetooth?
I'm thinking you want to buy a Mifi type device that will allow you to connect to a cellular network and then connect the iPad to that device via the Wifi network the Mifi produces.
Is that so? -
My wireless Apple keyboard won't connect, it just keeps blinking to pair, but nothing connects. I even tried hooking up another wireless I have and it does the same thing. Should I delete it and set it up again?
Hey Apple Health,
Welcome to Apple Support Communities! There's an article that helps to resolve issues with wireless keyboards. I'd take a look at it, go through the troubleshooting steps, and see if that resolves the issue for you:
Troubleshooting wireless mouse and keyboard issues
http://support.apple.com/kb/TS3048
Best,
David -
NB200 Can connect to wireless networks, but cannot connect to the internet
I have been able to connect my Win XP netbook to my secure wireless network at home, other people's networks and public networks like the library and McDonalds. This week I'm away from home and discovered that while I can still connect to a number of different wireless networks, I cannot connect to the internet using Internet Explorer.
I've had this problem once before and fixed it by reinstalling Windows XP and all my other software. I have no idea why it has happened again. I'm hoping for a less drastic solution to the problem..?Hi Nakia,
> I cannot connect to the internet using Internet Explorer.
Have you tested other browsers like Mozilla Firefox and does this work?
As MasterG wrote try to renew the IP address using the commend line.
Last week I had a similar problem and I could solve it by updating the WLAN driver. Just remove the driver, restart the notebook and install the newest one. :) -
I have a new MAC MINI and I want to install a second monitor. I have one connected to the HDMI and it works. I can't get a signal to the other one. It is connected from the thunderbolt to its HDMI port. How can I make it work?
Could be a bad cable or bad Thunderbolt port.
You have 90 days of free telephone support on a new device. You can call them at 1-800-MY-APPLE. Have your Mini's serial number handy
You can also make an appointment at the Genius Bar of an Apple store.
Apple Retail Store - Genius Bar -
I have a connection in the top left hand corner and can access the internet with and without internet on my iphone 5c but I can't receive and create texts and calls, someone please help have tried everything!
YOu will need to contact your cell phone provider to resolve those issue, those are carrier features.
-
What is the best way to preserve my MacBook Pro battery? Should I always have it connected to the charger when using it, or should I use it and then recharge it?
Don't worry about it:
http://macmost.com/dont-stress-about-batteries.html
If you want to condition it once a month, go ahead:
http://www.apple.com/batteries/notebooks.html -
my classic is frozen. cannot get it to repond or turn off. I have tried connecting to the computer as well, nothing works
Hello laurijreimer
If you are having issues with your iPod, try restarting it by holding the menu and the center button until the Apple Logo comes up. Check out the article below for more info.
iPod Troubleshooting Assistants
http://www.apple.com/support/ipod/five_rs/
Regards,
-Norm G. -
phone will not connect with iTunes, so you can not run, and I unlocked it and got the message that it is unlocked and I have to connect with the tunes.
Try this - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.) No data/files will be erased. http://support.apple.com/kb/ht1430
Frozen or unresponsive iPad
Resolve these most common issues:
• Display remains black or blank
• Touch screen not responding
• Application unexpectedly closes or freezes
http://www.apple.com/support/ipad/assistant/ipad/
iPad Frozen, not responding, how to fix
http://appletoolbox.com/2012/07/ipad-frozen-not-responding-how-to-fix/
iPad Frozen? How to Force Quit an App, Reset or Restart Your iPad
http://ipadacademy.com/2010/11/ipad-frozen-how-to-force-quit-an-app-reset-or-res tart-your-ipad
iPad: Basic troubleshooting
http://support.apple.com/kb/TS3274
Cheers, Tom -
HT1657 Do I have to connected to the Internet to watch a rental movie
Do I have to connected to the Internet to watch rental movies?
As long as the film has been fully downloaded then you should be able to watch it without being online.
-
I just want to upgrade one of my apps it's appearing that I have to connect to the iTunes support I tried many time it doesnot effecte .
What did iTunes support say when you contacted them ? If you haven't contacted them (and it may take 24 hours for them to rpely) then you can do so via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page
-
I have a MAC desktop and RCN cable that I have internet through now. I tried to set up a linksys wireless router today and could not get the network settings right, or figure out how to create the network, or get connected. I was successfull for only a few minutes because my phone and laptop had picked up the signal. However my desktop still would not connect to the internet. I had to restart my cable modem after because even after returning to directly inserting the desktop to the modem I could not get on the internet. I am able to get on now but would like to have wireless for my laptop and phone. Do I have to have an Apple router? Are there any easy steps I can take to set up a network without doing any damage to my desktop? I am so lost and have been getting pop ups and even my time changed.
Please help a new person to Apple!why dont you go to linksys.com/downloads and get the quick install for your adpter
-
To follow up on my question. Only because this is the first time I am using this forum.
I have owned the iPad for approximately six months.
I have been using the iPad at home thru my wireless network, no problems.
In addition to my IPad I connect to the intent with my laptop, and my cell phone. No problem.
Suddenly approximately five days ago I have not been able to connect my IPad to the Internet. Laptop and cell phone still connect.
However when I leave my home I am able to connect my IPad from the Public Library and from Starbucks.
Can anyone give me some advice on how to get connected from my home.
Not sure how or when I can expect a response to this problem.
Thanks
Bill
<Email Edited by Host>Thanks, however I am not familiar with the Sleep and Homekey buttons on my IPad.
What I plan to do when I get home from Starbucks is, Settings/general/Reset/reset network
I have rebooted my router no luck.
Am I missing something on not knowing about the Sleep and Homekey?
Thanks,
Bill -
Help. We changed the password on our airport express and I have no problem connecting to the internet, but I am having a problem connecting through our relay airport express. My internet connection is slow and my music will only play for a couple of seconds and then it cuts out? Any suggestions?
Are both of your AirPort Express Base Stations (AX) the 802.11g or 802.11n model? Do you have the second AX configured to "join" the first's wireless network or to extend it?
-
E4200 Wireless Guest and WEP connects, other security settings do not
I have E4200 with fixed ip 192.168.1.2, DHCP off connected through LAN ports to FIOS ActionTec as 192.168.1.1. When connecting through wireless network off the E4200, I can obtain and connect fine under Guest network and WEP security, but for any other security setting, WPA, WPA2, Mixed mode, etc. I get the message "Aquiring network address" forever, and I never get a connection. How do I troubleshoot?
Is your FIOS ActionTec wired or wireless modem/router…. From where you are receiving the wireless signals to connect… Which operating System that you are running on the computer? It happens only to a specific computer or it happens to all the computers connected in the network?
Maybe you are looking for
-
How can I find out the percentage of space taken up by a vector in a document?
Hi all, I've been doing visual research over the last couple of years, and part of this has resulted in hundreds of in-design documents with vectors of varying sizes in each. Essentially, I'm hoping to find a quick way to find out the percentage of s
-
I already had my system board (main board)replaced due to the bsod and now that I have gotten it back I have tihs new problem. Occasionally I'll be using the laptop and a program will crash, which is fine so I try to go to the task manager. I ctrl-al
-
Hello, I know the 1st gen iPad doesn't have the cameras. But is it still possible to support the Facetime, I mean to receive the video/audio from the other user and send only audio out? Thanks!
-
Extending DAM Asset Editor formitems and grouping new fields into a widgetcollection
Hi, I'm a newbie so be kind pretty please... We have a requirement for one of the websites hosted on our CQ instance to have some extended DAM properties for PDF files. Eg. Summary (textfield) and Search Weighting (selection) We have added a new name
-
The following import prerequisites of OCS Package " " have not been met
Hi SAP gurus, Am in upgrading ECC 6.0 to EHP4. in th configuration Phase am facing this erro: " Severe error(s) occured in phase PREP_EXTENSION/SUBMOD_EXTENSION_NEW/EHP_INCLUSION! Last error code set: unable to generate package queue, return