Do you mind sharing why would I need to have a route back to the controller from the ASA?
I thought the route should be:
Wifi Clients -> Controller -> ASA -> Internet
?
It seems like the controller is acting as a FW also so it is blocking everything (broadcast packet, etc.) outgoing from it because I did a packet tracer on the ASA (with Cisco support help) and was not able to see any packet hitting the ASA even though my ipad is connected to the wifi and able to get to the internet.
I did disable the NAT on the controller and enable it on the ASA but since we're not seeing any packet hitting the ASA, then the NAT is useless.
So I had to reenable it again on the controller or the users won't be able to get to the internet.
Any other ideas that I should try?
Maybe I need to change the controller functionality to not become a firewall and just function as a controller and let the AP doing the FW for the clients.
Do you know if there's a KB or blog for it?
Thank you.