Hi Pasquale,
I did changed the routing-profile to:
routing-profile
route 192.168.13.0 255.255.255.0 212.203.27.xxx
route 10.0.0.0 255.255.252.0 212.203.27.xxx
The effect is the same still only 192.168.13.253 is pingable (and ssh / https).
The DHCP setting used is this one:
ip dhcp VLAN20
server-type Local
server-vlan 20
subnet 192.168.20.0
subnet-mask 255.255.255.0
lease-time 2700
dns-server 208.67.222.222,208.67.220.220
Fred
-------------------------------------------------------------------------
Did collect some commands on the VC and controller.
OAW-IAP105, Version 6.4.3.1
OAW-4030, Version 6.4.3.3
----------------------------------------------------------------------------------
-- VC:
----------------------------------------------------------------------------------
24:de:c6:xx:xf:51# show ip route
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
212.203.27.xxx 192.168.0.1 255.255.255.255 UGH 0 0 0 br0
192.168.13.253 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.20.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 br0
24:de:c6:xx:xf:51# show ip interface
Interface IP Address / IP Netmask Admin Protocol
br0 192.168.0.2 / 255.255.255.0 up up
24:de:c6:xx:xf:51# show datapath acl-rule ict
Datapath SSID: ict ACL Entries
----------------------------------------------------------------
Flags: P - permit, L - log, E - established, M/e - MAC/etype filter
S - SNAT, D - DNAT, R - redirect, r - reverse redirect m - Mirror
I - Invert SA, i - Invert DA, H - high prio, O - set prio, C - Classify Media
A - Disable Scanning, B - black list, T - set TOS, t - time based, o - tunnel only
K - App Throttle, s - Domain SA, d - Domain DA, 4 - IPv4, 6 - IPv6
----------------------------------------------------------------
ACL Name {ict 0} Number {130}
1: any any 17 0-65535 8209-8211 P4
2: 192.168.20.0 255.255.255.0 192.168.13.0 255.255.255.0 any 192.168.224.127 PS4 hits 340
3: 192.168.20.0 255.255.255.0 10.0.0.0 255.255.252.0 any 192.168.224.127 PS4 hits 1
4: 192.168.20.0 255.255.255.0 192.168.20.0 255.255.255.0 any P4 hits 325
5: 192.168.20.0 255.255.255.0 224.0.0.0 224.0.0.0 any P4 hits 460
6: 192.168.20.0 255.255.255.0 any any masterip PS4 hits 3076
7: any any any P4 hits 67
----------------------------------------------------------------
ACL Name {ict 1} Number {131}
1: any any 17 0-65535 8209-8211 P4
2: 192.168.20.0 255.255.255.0 192.168.13.0 255.255.255.0 any 192.168.224.127 PST4
3: 192.168.20.0 255.255.255.0 10.0.0.0 255.255.252.0 any 192.168.224.127 PST4
4: 192.168.20.0 255.255.255.0 192.168.20.0 255.255.255.0 any PT4
5: 192.168.20.0 255.255.255.0 224.0.0.0 224.0.0.0 any PT4
6: 192.168.20.0 255.255.255.0 any any masterip PST4
7: any any any PT4
----------------------------------------------------------------
24:de:c6:xx:xf:51#
routing-profile
route 192.168.13.0 255.255.255.0 212.203.27.xxx
route 10.0.0.0 255.255.252.0 212.203.27.xxx
ip dhcp VLAN20
server-type Local
server-vlan 20
subnet 192.168.20.0
subnet-mask 255.255.255.0
lease-time 2700
dns-server 208.67.222.222,208.67.220.220
----------------------------------------------------------------------------------
-- Controler:
----------------------------------------------------------------------------------
(OAW-4030) #show iap trusted-branch-db
Trusted Branch Validation: Enabled
IAP Trusted Branch Table
------------------------
Branch MAC
----------
24:de:c6:xx:xf:51
(OAW-4030) #show whitelist-db rap
AP-entry Details
----------------
Name AP-Group AP-Name Full-Name Authen-Username Revoke-Text AP_Authenticated Description Date-Added Enabled Remote-IP
---- -------- ------- --------- --------------- ----------- ---------------- ----------- ---------- ------- ---------
24:de:c6:xx:xf:51 AP_HOME 24:de:c6:xx:xf:51 Provisioned Thu Oct 22 13:18:57 2015 Yes 0.0.0.0
(OAW-4030) #show iap table
Trusted Branch Validation: Enabled
IAP Branch Table
----------------
Name VC MAC Address Status Inner IP Assigned Subnet Assigned Vlan
---- -------------- ------ -------- --------------- -------------
AP105 24:de:c6:xx:xf:51 UP 192.168.224.127
Total No of UP Branches : 1
Total No of DOWN Branches : 0
Total No of Branches : 1
(OAW-4030) #ping 192.168.224.127
Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 192.168.224.127, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 21.221/34.3046/42.999 ms
(OAW-4030) #ping 192.168.13.2
Press 'q' to abort.
Sending 5, 92-byte ICMP Echos to 192.168.13.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0.147/0.1772/0.276 ms