Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass guest captive page https ssl certificate with verisign cert access via internal network

  • 1.  Clearpass guest captive page https ssl certificate with verisign cert access via internal network

    Posted May 22, 2015 12:42 AM

    Hello,

     

    We have installed ClearPass for the purpose of using it for guest access. The current setup has the CPPM connected to the internal network. I have got a trusted certificate from Verisign/Symantec and installed it for the purpose of using it for the guest captive portal authentication. I have set up our guest access on our sites and would like to authenticate guests and allow sponsors to approve their access. I have set up a testbed for this purpose and would like to know how I can go about getting the certificate to be valid when used with an internal (non-public) IP. When the guests attach to the network they are directly on the internet VLAN at the site, which has no connection to our internal network. How is it possible to get the guests to the internal CPPM server for the captive portal? I have tested it now and it is working by getting the AP to NAT the guest requests and using the IP address of the CPPM server. However, when we have the certificate we need to use the FQDN of the CPPM server to ensure the certificate can be validated. How can I get this to work? Is it by pointing the guest users' DNS server to an internal server and allowing this to work via policy? Or is there a better way of doing this?

     

    Thanks,

    Liban.

     

     



  • 2.  RE: Clearpass guest captive page https ssl certificate with verisign cert access via internal network
    Best Answer

    EMPLOYEE
    Posted May 22, 2015 12:51 AM
    You can either make a public DNS entry or use the DNS proxy feature of your upstream router to add a static entry for ClearPass.

    I've done both. They work equally well.

    Thanks,
    Tim


  • 3.  RE: Clearpass guest captive page https ssl certificate with verisign cert access via internal network

    Posted May 26, 2015 07:45 PM

    Hello Tim,

     

    Thanks for your suggestion. I have now registered the ClearPass in DNS with a private address and it works as you suggested. I can now get to the ClearPass captive portal via FQDN and there are no issues with the certificate validity.

     

    Thanks,

    Liban.
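
The name check behind this thread, as an added example that is not part of the original posts: a browser validates the portal certificate against the host in the redirect URL, so a redirect to the bare IP fails, while the FQDN passes once the DNS seen by guests has an entry for it. The host name `cppm.example.com`, the address `10.1.1.10`, the `/login` path and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def cert_covers(host, dns_sans):
    """Browser-style name check against DNS subjectAltName entries only."""
    if is_ip(host):
        return False  # an IP literal never matches a DNS SAN entry
    want = host.rstrip(".").lower().split(".")
    for san in dns_sans:
        have = san.lower().split(".")
        if have == want:
            return True
        # A wildcard may stand in for the left-most label only.
        if have[0] == "*" and len(have) > 2 and len(have) == len(want) \
                and have[1:] == want[1:]:
            return True
    return False

def check_redirect(url, guest_dns, dns_sans):
    """Classify a captive-portal redirect as a guest client would experience it."""
    host = urlsplit(url).hostname
    if not cert_covers(host, dns_sans):
        return "name-mismatch"      # certificate warning in the guest browser
    addr = guest_dns.get(host.lower())
    if addr is None:
        return "unresolvable"       # guest DNS has no record for the portal name
    scope = "private" if ipaddress.ip_address(addr).is_private else "public"
    return f"ok ({scope} address {addr})"

# Constructed sample data: SAN list of the portal certificate and the
# records visible to guest clients (public entry or DNS-proxy static entry).
SANS = ["cppm.example.com"]
GUEST_DNS = {"cppm.example.com": "10.1.1.10"}

if __name__ == "__main__":
    for url in ("https://10.1.1.10/login", "https://cppm.example.com/login"):
        print(url, "->", check_redirect(url, GUEST_DNS, SANS))
    # Same FQDN redirect before any DNS entry exists for guests:
    print(check_redirect("https://cppm.example.com/login", {}, SANS))
```

A private address in the DNS answer does not affect certificate validation; only the name in the URL is compared with the certificate.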



  • 4.  RE: Clearpass guest captive page https ssl certificate with verisign cert access via internal network

    EMPLOYEE
    Posted May 22, 2015 07:05 AM
    What wireless hardware are you using?


  • 5.  RE: Clearpass guest captive page https ssl certificate with verisign cert access via internal network

    Posted May 26, 2015 07:47 PM

    Hello Zack,

     

    I am using Aruba Instant APs 204 and 205 with the virtual controller option.

     

    Regards,

    Liban.