05-10-2016 07:41 AM - edited 05-10-2016 07:46 AM
I am having the following problem that I hope someone can help with. I have an IAP that has 1 untagged and 1 tagged VLAN to it. The IAP/VC is in the untagged VLAN and the SSID uses the tagged VLAN. The SSID has an external captive portal pointed to ClearPass. I have a pre-auth role for the SSID that redirects to the captive portal. I also have a rule in the pre-auth role that says to src nat the traffic to the ClearPass server when using HTTPS. If I use the IP address of ClearPass in the external captive portal profile, everything works normally; however, if I try to use the FQDN to fix certificate errors, it will not work. I can ping CPPM via hostname. When I look on my firewall, the HTTPS traffic is not being source natted. Has anyone else seen this behavior?