Wireless Access

Occasional Contributor II

Corporate Internet access and RAP3 remote user

We have a RAP3 with a wired user in a remote location and are having an issue with Internet access. The RAP connects and works fine with our internal applications, but there is no Intenet access. I worked with TAC for about 6 hours on this and didn't make much progress, they said it was somehting I needed to change on our Cisco ASA Firewall. The Cisco currently has a network PAT configured for the VLAN used for the RAP3's.


I've gotten it narrowed down to the following. If I enable source NAT on the VLAN IP Interface on my controller, I can ping Intenet websites, but any other web traffic gets blocked by our Cisco ASA firewall. With source NAT disabled I cannot ping any websites at all. The wired thing is I have a RAP5 set up that works fine (with source NAT disabled). I've run out of ideas so I decided to post here.

The message on my firewall is:

Inbound TCP connection denied from <OutsideWebsiteIP>/80 to <InsideControllerIP>/50406 flags SYN ACK  on interface Inside


Controllers are 7210's with OS version


Any help would be appreciated.


**** SOLVED**** I needed to add a routing statement on the Cisco ASA. Simple as that.

ACMP - Feb 2014
Search Airheads
Showing results for 
Search instead for 
Did you mean: