New Contributor

Source NAT pool combined with routing

Situation:

  • Client connects to the wireless Guest network at a remote office (local controller)
  • Client gets redirected to ClearPass (10.10.10.1)
  • Connection is routed through an IPsec tunnel

Problem:

  • It is not possible to create a route back to the client range (overlapping ranges)
  • It is not possible to create a route back to the local controller (overlapping ranges)

To bypass the overlapping-ranges issue, a dummy IP and VLAN were created on the local controller.

This is used for RADIUS packets:

[Screenshot: 2017-05-24_15h52_11.png]

For RADIUS this is working fine.

We also want to use this for showing the guest portal to the client.

Tried to change the policy:

  • Adding a 'route' rule:
    [Screenshot: 2017-05-24_15h55_22.png]
    This results in a connection to the ClearPass, but with the 'controller IP' instead of the 'dummy IP' (so the routing back doesn't work).
  • Adding a 'source nat' rule:
    [Screenshot: 2017-05-24_15h57_44.png]
    This doesn't even result in a connection to the ClearPass, or doesn't show a connection on the controller (using show datapath session table <clientip>).

Any idea on how to combine both? (Using routing with a source NAT, defined by the source NAT pool.)

An overview drawing can be found below:

[Screenshot: 2017-05-24_15h41_31.png]

Aruba

Re: Source NAT pool combined with routing

Can you share the following please:

show ip nat pool

show ip interface brief


------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

New Contributor

Re: Source NAT pool combined with routing

Hi Clembo,

Please find the output below.

(Local) #show ip nat pool

NAT Pools
---------
Name            Start IP        End IP          DNAT IP  Flags
----            --------        ------          -------  -----
nat_dummy_ip    192.168.238.10  192.168.238.10  0.0.0.0
dynamic-srcnat  0.0.0.0         0.0.0.0         0.0.0.0


(Local) #show ip interface brief

Interface   IP Address / IP Netmask          Admin  Protocol
vlan 2      192.168.10.254 / 255.255.255.0   up     up
vlan 1      10.10.0.10 / 255.255.255.0       up     up
vlan 1000   192.168.238.10 / 255.255.255.0   up     up
loopback    unassigned / unassigned          up     up
mgmt        unassigned / unassigned          up     down
