05-28-2014 06:54 AM - edited 05-28-2014 10:39 AM
We have a RAP3 with a wired user in a remote location and are having an issue with Internet access. The RAP connects and works fine with our internal applications, but there is no Intenet access. I worked with TAC for about 6 hours on this and didn't make much progress, they said it was somehting I needed to change on our Cisco ASA Firewall. The Cisco currently has a network PAT configured for the VLAN used for the RAP3's.
I've gotten it narrowed down to the following. If I enable source NAT on the VLAN IP Interface on my controller, I can ping Intenet websites, but any other web traffic gets blocked by our Cisco ASA firewall. With source NAT disabled I cannot ping any websites at all. The wired thing is I have a RAP5 set up that works fine (with source NAT disabled). I've run out of ideas so I decided to post here.
The message on my firewall is:
Inbound TCP connection denied from <OutsideWebsiteIP>/80 to <InsideControllerIP>/50406 flags SYN ACK on interface Inside
Controllers are 7210's with OS version 18.104.22.168_43118
Any help would be appreciated.
**** SOLVED**** I needed to add a routing statement on the Cisco ASA. Simple as that.