Allowing traffic between different security-level interfaces

Dustin Peet
Level 1

Hello All

 

I'm new to the ASA (or firewalls in general) and I'm getting a little stuck with allowing traffic between interfaces.  I have two interfaces currently set up: one for my inside traffic (connects to a Cisco 2611 router) and one for my wireless traffic (Cisco SOHO AP in bridged mode).  I'm doing DHCP off the ASA and things are fine until I try to hit a resource in the inside network.  They are set at different levels, with inside at 100 and wireless at 50, and I know that I'm going to need ACLs to allow the traffic.  I've researched and put things in place that seem right, but to no avail.  I feel like I'm really close but not quite there.  Running code is 8.2.

 

Some output of current config:

 

PeetASA# sh run interface
!
interface Ethernet0/0
 switchport access vlan 200
!
interface Ethernet0/1
 shutdown
!
interface Ethernet0/2
 shutdown
!
interface Ethernet0/3
 shutdown
!
interface Ethernet0/4
 switchport access vlan 18
!
interface Ethernet0/5
 switchport access vlan 100
 switchport trunk allowed vlan 100-101,200
 speed 10
 duplex full
!
interface Ethernet0/6
 shutdown
!
interface Ethernet0/7
 shutdown
!
interface Vlan18
 nameif WIRELESS
 security-level 50
 ip address 10.200.200.1 255.255.255.0
!
interface Vlan100
 nameif INSIDE
 security-level 100
 ip address 10.100.100.1 255.255.255.0
!
interface Vlan200
 nameif OUTSIDE
 security-level 0
 ip address dhcp setroute

 

PeetASA(config)# sh run access-list
access-list wireless extended permit ip any any
access-list wireless extended permit icmp any any

 

 

PeetASA(config)# sh run access-group
access-group wireless in interface INSIDE

 

On one forum I read that you will need to NAT between the interfaces with static statements, so I added these also:

 

PeetASA(config)# sh run static
static (INSIDE,WIRELESS) 10.100.100.0 10.100.100.0 netmask 255.255.255.0
static (WIRELESS,INSIDE) 10.200.200.0 10.200.200.0 netmask 255.255.255.0

 

 

I know that an ASA should not be used as a router, but to find its way to other subnets in my network I have a couple of routes in play also:

PeetASA(config)# sh route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is XXX.XXX.XXX.XXX to network 0.0.0.0

S    172.19.0.0 255.255.0.0 [1/0] via 10.100.100.2, INSIDE
S    10.0.0.0 255.0.0.0 [1/0] via 10.100.100.2, INSIDE
C    10.200.200.0 255.255.255.0 is directly connected, WIRELESS
C    10.100.100.0 255.255.255.0 is directly connected, INSIDE
d*   0.0.0.0 0.0.0.0 [1/0] via XXX.XXX.XXX.XXX, OUTSIDE
S    192.168.0.0 255.255.0.0 [1/0] via 10.100.100.2, INSIDE
C    XXX.XXX.XXX.XXX 255.255.248.0 is directly connected, OUTSIDE

 

Not sure what I'm missing; it seems like it should work. I'm starting very general, but eventually what I want is to be able to allow certain devices to cross the networks (i.e., I can hit internal resources from my machine while on wireless, but nobody else can). For now, any-any will work.

Thanks for reading!

 

 

1 Reply

Dustin Peet
Level 1

I figured it out.  I was applying the ACL to the wrong interface.  I thought it needed the permission as it entered the higher-level interface (Inside), but it turns out that it needed it to leave its own (Wireless).  A simple change to the access-group and it is now working:

 

From:

access-group wireless in interface INSIDE

To:

access-group wireless in interface WIRELESS

 

Hope this helps someone else someday
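The reply above points at the rule that trips up most people new to the ASA: an interface ACL is evaluated on the interface where the packet enters the firewall, and the security-level default only permits higher-to-lower traffic, so WIRELESS (50) to INSIDE (100) needs an inbound ACL on WIRELESS. The `permit ip any any` in the thread gets the traffic flowing but also lets every wireless client reach everything on the inside. The following is an added example, not configuration from the original poster, showing the restricted version the poster said they eventually wanted: one trusted wireless host may reach the internal networks, everyone else on wireless is blocked from them (and logged), and all wireless clients still get out to the Internet. The trusted host 10.200.200.50, the inside server 10.100.100.10 and the ACL/object-group names are assumptions for illustration; the interface names and the internal ranges come from the routes shown in the post.

```cisco
! Added example (ASA 8.2 syntax), not part of the original post.
! Assumed addresses: 10.200.200.50 = trusted wireless laptop,
!                    10.100.100.10 = INSIDE server used for the test below.
!
! Why the ACL sits on WIRELESS: the ASA applies an interface ACL where the
! packet ENTERS the box. WIRELESS (50) -> INSIDE (100) is lower-to-higher,
! denied by default, so the permit must be inbound on WIRELESS.
! Caveat: once an ACL is bound to an interface, its implicit deny also
! covers traffic the security levels would otherwise have allowed
! (WIRELESS -> OUTSIDE), so Internet access must be permitted explicitly.

object-group network WIRELESS-TRUSTED
 network-object host 10.200.200.50
!
! Everything reachable via INSIDE according to the routing table in the post.
object-group network INTERNAL-NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! First match wins, so order is: trusted host in, everyone else blocked
! from internal ranges, then the Internet for all wireless clients.
access-list WIRELESS-IN extended permit ip object-group WIRELESS-TRUSTED object-group INTERNAL-NETS
access-list WIRELESS-IN extended deny ip any object-group INTERNAL-NETS log
access-list WIRELESS-IN extended permit ip 10.200.200.0 255.255.255.0 any
!
! Only one inbound ACL per interface; this replaces the any/any binding.
access-group WIRELESS-IN in interface WIRELESS
!
! Verification (exec mode): per-ACE hit counters, then simulate one packet
! from the trusted host and one from an untrusted wireless client.
! show access-list WIRELESS-IN
! packet-tracer input WIRELESS tcp 10.200.200.50 40000 10.100.100.10 445
! packet-tracer input WIRELESS tcp 10.200.200.77 40000 10.100.100.10 445
```

A new ACL name is used on purpose: ACEs added to an existing ACL are appended after the current `permit ip any any`, so they would never be reached. The first `packet-tracer` should end in `Action: allow` and the second in `Action: drop` with the deny ACE identified. Two further notes: traffic addressed to the ASA itself (the DHCP it hands out on 10.200.200.1) is to-the-box traffic and is not filtered by this interface ACL, and the identity `static (INSIDE,WIRELESS)` entries from the post are only needed in 8.2 when `nat-control` is enabled (it is off by default), so they were harmless but were not what blocked the traffic.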
