Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Clearpass guest Captive portal DNS entry

This thread has been viewed 19 times

  • 1.  Clearpass guest Captive portal DNS entry

    Posted Mar 09, 2018 06:28 PM

    I have a guest network that is running behind a ASA5525 and am using clearpass guest for the captive portal. My question is how do I get the users to resolve the url if I don't have a DNS server in my DMZ network and I don't want to open my internal DNS to my guest network. 



  • 2.  RE: Clearpass guest Captive portal DNS entry

    EMPLOYEE
    Posted Mar 09, 2018 06:47 PM
    Either put an entry in public DNS or if the ASA supports DNS proxy, you can use that to create static entries.


  • 3.  RE: Clearpass guest Captive portal DNS entry

    Posted Mar 10, 2018 07:14 AM
    So I will have to create a NAT on the ASA


  • 4.  RE: Clearpass guest Captive portal DNS entry

    Posted Mar 10, 2018 11:16 AM
    NAT May be needed, yes, but not necessarily just for DNS.

    If your guest users will only have access to public DNS servers, like 8.8.8.8, then the DNS name of the captive portal needs to be public. So if your public domain is corp.com, you’ll want a DNS entry for guest.corp.com so that guests can resolve that anywhere. That DNS record may point to a NAT’ed IP address, which is fine. Having the DNS record public ensures that your guests can resolve it without having to use your internal DNS servers to do so.