Hi,
We are having issues with the LOCAL L3 DHCP scope, using IAP-VPN to a central controller and reaching a guest registration on a central ClearPass.
Our guest SSID is using the LOCAL L3 DHCP scope. Our VPN routing table is routing the ClearPass IP address over the VPN. The problem is the enforce captive portal, which doesn't source-NAT the IP when using DNS like guest.customer.se; when using the IP address it is getting sourced. See below the ACLs from the enforce captive portal role.
So when we see the traffic in the controller with DNS, the source IP is the LOCAL L3 scope.
When using the IP, the traffic is source-NATted with the inner IP of the IAP-VPN.
I should also mention that this problem occurs only when using enforce captive portal. All other traffic is source-NATted with the inner IP of the IAP-VPN, as it should be.
Using ip:
ACL Name {A-GUEST:LAB-PRELOGON} Number {109}
1: any any 17 0-65535 8209-8211 P4
2: any 172.31.98.1 255.255.255.255 6 0-65535 80-80 PSD4
3: any 172.31.98.1 255.255.255.255 6 0-65535 443-443 PSD4
4: 192.168.10.0 255.255.255.0 10.10.10.26 255.255.255.255 6 0-65535 80-80 PS4
5: any 10.10.10.26 255.255.255.255 6 0-65535 80-80 P4
6: 192.168.10.0 255.255.255.0 10.10.10.26 255.255.255.255 6 0-65535 443-443 PS4 hits 3
7: any 10.10.10.26 255.255.255.255 6 0-65535 443-443 P4
Using DNS:
ACL Name {A-GUEST:LAB-PRELOGON} Number {109}
1: any any 17 0-65535 8209-8211 P4
2: any 172.31.98.1 255.255.255.255 6 0-65535 80-80 PSD4
3: any 172.31.98.1 255.255.255.255 6 0-65535 443-443 PSD4
4: 192.168.10.0 255.255.255.0 guest.aranya.se 6 0-65535 80-80 Pd4
5: any guest.aranya.se 6 0-65535 80-80 Pd4
6: 192.168.10.0 255.255.255.0 guest.aranya.se 6 0-65535 443-443 Pd4 hits 6
7: any guest.aranya.se 6 0-65535 443-443 Pd4
8: 192.168.10.0 255.255.255.0 10.10.10.26 255.255.255.255 6 0-65535 443-443 PS4
9: any 10.10.10.26 255.255.255.255 6 0-65535 443-443 P4
10: 192.168.10.0 255.255.255.0 8.8.8.8 255.255.255.255 17 0-65535 53-53 P4 hits 15
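
Added example, not part of the original post: a small parser for the ACL dump format shown above that compares the IP-based and DNS-based versions of the role and lists the domain-destination rules that lost the source-NAT flag. It assumes that the flag `S` means source NAT and `d` means a domain-name destination (the flag legend is not in the post); the function names are hypothetical.

```python
import re

# Constructed sample: rule lines copied from the two ACL dumps in the post.
ACL_USING_IP = """\
4: 192.168.10.0 255.255.255.0 10.10.10.26 255.255.255.255 6 0-65535 80-80 PS4
5: any 10.10.10.26 255.255.255.255 6 0-65535 80-80 P4
6: 192.168.10.0 255.255.255.0 10.10.10.26 255.255.255.255 6 0-65535 443-443 PS4 hits 3
7: any 10.10.10.26 255.255.255.255 6 0-65535 443-443 P4
"""
ACL_USING_DNS = """\
ACL Name {A-GUEST:LAB-PRELOGON} Number {109}
4: 192.168.10.0 255.255.255.0 guest.aranya.se 6 0-65535 80-80 Pd4
5: any guest.aranya.se 6 0-65535 80-80 Pd4
6: 192.168.10.0 255.255.255.0 guest.aranya.se 6 0-65535 443-443 Pd4 hits 6
7: any guest.aranya.se 6 0-65535 443-443 Pd4
8: 192.168.10.0 255.255.255.0 10.10.10.26 255.255.255.255 6 0-65535 443-443 PS4
10: 192.168.10.0 255.255.255.0 8.8.8.8 255.255.255.255 17 0-65535 53-53 P4 hits 15
"""
IPV4 = re.compile(r"^\d+\.\d+\.\d+\.\d+$")

def take_addr(tok):
    """Consume one address: 'any', a hostname, or 'ip mask' (two tokens)."""
    first = tok.pop(0)
    return f"{first}/{tok.pop(0)}" if IPV4.match(first) else first

def parse_acl(dump):
    """Parse 'N: src dst proto sport dport flags [hits N]' lines into dicts."""
    rules = []
    for line in dump.splitlines():
        m = re.match(r"\s*(\d+):\s+(.+)", line)
        if not m:
            continue  # header such as 'ACL Name {...}'
        tok = m.group(2).split()
        src, dst = take_addr(tok), take_addr(tok)
        proto, _sport, dport, flags = tok[:4]
        hits = int(tok[5]) if tok[4:5] == ["hits"] else 0
        rules.append({"n": int(m.group(1)), "src": src, "dst": dst,
                      "proto": int(proto), "dport": dport, "flags": flags, "hits": hits})
    return rules

def snat_gaps(ip_rules, dns_rules):
    """Domain-destination rules without 'S' whose source/proto/port carries 'S' in the IP-based ACL.
    Assumption: 'S' = source NAT and 'd' = domain-name destination (flag legend is not in the post)."""
    natted = {(r["src"], r["proto"], r["dport"]) for r in ip_rules
              if "S" in r["flags"] and r["src"] != "any"}
    return [r for r in dns_rules if "d" in r["flags"] and "S" not in r["flags"]
            and (r["src"], r["proto"], r["dport"]) in natted]

if __name__ == "__main__":
    for r in snat_gaps(parse_acl(ACL_USING_IP), parse_acl(ACL_USING_DNS)):
        print(f"rule {r['n']}: {r['src']} -> {r['dst']} port {r['dport']} flags {r['flags']} hits {r['hits']}")
```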