Is the src-nat IP address routable from the Clearpass server? Can you ping it?
Are you using mutliple IP addresses in the NAT pool or just one?
You could not enter a NAT pool and allow the controller to use the interface address the packet is being routed out of.
ip access-list session temp
user host x.x.x.x svc-https src-nat
user any svc-https permit
Can you post the ACL doing the src-nat so we can review?