I've recently been trying to set up an ACL to restrict access to my local network, but allow access to the Internet.
The ACL I created does what I want when I apply it to my WLAN. I can ping google.com but not my local mail server. However, after only a minute or two, all traffic stops (both ping sessions time out). If I remove the ACL from the WLAN, all pings work. I can then re-apply the ACL and the google ping continues, but the mail server stops. But only for another few minutes. My conclusion is that ACLs don't seem to work or I'm doing something wrong. Below is my ACL. Any help is appreciated!
ip access-list standard 10
permit 10.70.0.0/16 rule-precedence 1
permit host 10.0.0.250 rule-precedence 10
deny 10.0.0.0/8 rule-precedence 50
permit any rule-precedence 100
10.70 is the subnet for the wireless workstations, and the WESM.
10.0.0.250 is my firewall.