MVP
Posts: 880
Registered: ‎04-13-2009

DNS converted to IP on SRC-NAT traffic to proxy server


Hi All,

 

Scenario:

Customer has a 3200 controller with a number of AP105s. They have a guest SSID configured on a VLAN, which we'll call the guest VLAN. They have a corp VLAN which everything else sits on. The default gateway on the controller has been configured as their onsite proxy server, which is configured as a transparent proxy.

 

Issue:

Guest clients can associate fine but are unable to browse the internet. We can see the traffic hitting the proxy server, but instead of seeing HTTP GET requests for the domains we are attempting to browse to, we're seeing that clients are attempting to browse to the website's IP address.

 

I've tried setting the role clients get to allowall and I'm seeing the same results. We're using external DNS servers.


I'm just wondering if there's anything on the controller that I've missed which could cause this?

 

If I configure a client on a non-SRC-NAT SSID with its default gateway as the transparent proxy and using the same DNS it works fine.


Image attached shows what we're seeing when a client attempts to connect to the bbc.co.uk website.

 

Cheers

James

Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite
Posts: 20,410
Registered: ‎03-29-2007

Re: DNS converted to IP on SRC-NAT traffic to proxy server

Are you doing IP Nat Inside on the VLAN level, or are you using an ACL to do the source-nat, in this case?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 880
Registered: ‎04-13-2009

Re: DNS converted to IP on SRC-NAT traffic to proxy server

Hi Colin,

 

We're doing it at the VLAN level.

 

James

Guru Elite
Posts: 20,410
Registered: ‎03-29-2007

Re: DNS converted to IP on SRC-NAT traffic to proxy server

I am not sure what that is. The source IP address should be the controller's and the destination should be the website on port 80, and the proxy should be intercepting it. We probably need a packet capture to determine exactly what is going on.

 



Colin Joseph
Aruba Customer Engineering


MVP
Posts: 880
Registered: ‎04-13-2009

Re: DNS converted to IP on SRC-NAT traffic to proxy server

OK thanks Colin. I'll get a packet capture and log with TAC.

Cheers
James

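For the packet capture suggested in the thread, an added example (not part of the original posts and not Aruba tooling): given the reassembled bytes of a client's port-80 request, it reports which request form was sent and whether the Host value is a DNS name, an IP literal, or missing, which separates "the hostname never reached the proxy" from "the proxy only displays the destination IP". The function names, the sample payloads and the documentation address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

def _is_ip_literal(host: str) -> bool:
    """True if host is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def _strip_port(authority: str) -> str:
    """Drop an optional :port, keeping bracketed IPv6 literals intact."""
    if authority.startswith("["):
        return authority[: authority.find("]") + 1]
    return authority.rsplit(":", 1)[0] if authority.count(":") == 1 else authority

def classify_request(payload: bytes) -> dict:
    """Classify the first HTTP request in a reassembled TCP payload."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return {"form": "not-http", "host": None, "host_kind": None}
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # keep the first occurrence of each header
            headers.setdefault(name.strip().lower(), value.strip())
    if method == "CONNECT":
        form, authority = "authority-form", target
    elif "://" in target:  # what a client sends to an explicitly configured proxy
        form, authority = "absolute-form", target.split("://", 1)[1].split("/", 1)[0]
    else:  # what a client sends when it is unaware of an intercepting proxy
        form, authority = "origin-form", headers.get("host", "")
    host = _strip_port(authority)
    if not host:
        kind = "missing"
    else:
        kind = "ip-literal" if _is_ip_literal(host) else "dns-name"
    return {"form": form, "host": host or None, "host_kind": kind}

# Constructed sample payloads (not taken from the thread's capture).
SAMPLES = {
    "name in Host header": b"GET / HTTP/1.1\r\nHost: www.bbc.co.uk\r\n\r\n",
    "IP in Host header": b"GET / HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n",
    "HTTP/1.0 without Host": b"GET / HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_request(raw))
```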