How to resolve to DMZ controller's IP address when the guest traffic is tunneled to DMZ controller

Aruba Employee

Environment: Typical environment where guest traffic is tunneled to the DMZ controller from a master/local controller or IAP.


We have seen issues with guest user authentication when the traffic is tunneled from a master/local controller or IAP to the DMZ. The DMZ controller is the authenticator, but when the client tries to resolve during guest login/POST, the master/local controller or IAP responds with its own IP address, since the default certificate CN of the controller matches the FQDN

Solution 1:
Install a new/dummy server certificate on the master/local controller or IAP with a CN other than (eg: or and map the installed certificate to Captive Portal under Configuration >> MANAGEMENT >> General. The lookup query from the client is then tunneled to the DMZ, and the DMZ responds to the client with its IP address for proper POST and authentication.




Solution 2:
Install a dummy certificate on the DMZ controller and replace with the CN of the new certificate in ClearPass Guest under self-registration or weblogin NAS Setting >> Ip/hostname.



Version history
Revision #:
1 of 1
Last update:
‎11-11-2014 12:47 PM