09-28-2014 06:37 PM
I have a small 3-IAP network connecting to a basic switch and into a Cisco ASA for internet.
The IAPs are giving DHCP addresses in the 192.168.212.0/24 network using the default DHCP scope. The IAPs are on mgmt network 192.168.12.0.
No one connecting to the .212 network can reach the internet. I can ping the 212 gateway, the .12 gateway, but cannot get past that. The guy that set up the firewall says there isn't anything wrong with his config, but I'm hesitant.
I'm 99% sure it's a routing issue, but I want to make sure I'm not missing anything.
I found this route in the ASA that appears to be sending traffic to a dead end (12.201):
route Public 192.168.212.0 255.255.255.0 192.168.12.201 1
I have not received a response yet about it.
Any other things I can check while waiting on a response?
09-29-2014 07:05 PM
Still fighting this. No entries in the ARP table of the firewall for the 212 network. Everything else is there.
Firewall can ping wireless clients. Wireless clients can ping inside gateway.
Routing table is:
C 192.168.12.0 255.255.255.0 is directly connected, ATLPublic
S 192.168.212.0 255.255.255.0 [1/0] via 192.168.12.50, ATLPublic
C 96.x.x.y4 255.255.255.252 is directly connected, outside
C 192.168.4.0 255.255.255.0 is directly connected, Office
S* 0.0.0.0 0.0.0.0 [1/0] via 96.x.x.y5, outside
I've changed the static route from 12.1, to 12.2(ap01), to 12.50(VAC). Still no connection.
09-30-2014 05:56 AM
From what I know, when you use the default DHCP scope of the IAP, all your WiFi client traffic comes out to the Internet NATed by the IAPs. So you should see the traffic of your WiFi clients come out with the IP addresses of the IAPs. And so, in the firewall, you have to permit the traffic from the IAPs' IPs to reach the Internet.
In fact I suppose that the .212 network exists only on your IAPs, right?
Telecommunications engineer - ACMP2013