So I have a customer who is using a filtering system on the guest network to keep people from accessing inappropriate websites. They want to be able to use see exactly who attempts to do this in their firewall, but right now the IAP is sending the requests as itself.
We configured the VC to hand out IP addresses for the users and on their firewall, any request from 192.168.1.1/24 is given the gateway of the virtual controller. The virtual controller's gateway is the firewall/filter and is sending the request as itself. Is there a way to keep from NAT the request and send as the user instead?
They currently have a 3200 controller we are replacing and they had the same issue, but don't remember how it was resolved.
Any ideas here? They cannot change the way they are processing data as this is a school and I'm not sure how to resolve this. I considered having them filter any request from the VC address to fix that issue, but we have a 802.1x network as well and wanted to make sure it wouldn't break that either.