HI
I have following problem
I configured RAP access point from series 335. Access point is with public address and sucesfully connected with my controller 7010 with version 8.2
A controller is configured as MD node and i have Aruba MM deployed in vidtual machine.
I have to create split tunnel for corporate SSID with radius authentication i CLEARPASS and this is working only in TUNNEL mode.
I create RAP-SPLIT user role like this:
any any service dhcp permit
any any service dns permit
any alias (corp network X.X.255.255) permit
alias (corp network X.X.255.255) any permit
any any any route-source-nat
In aruba SSID virtual AP profile i configured split-tunnel forwarding mode.
Every RAP Access point is connected to controllers and have IP from Pool of aruba MM controller this DHCP pool is not routed of corporate network.

When wireless client is connected to Split-Tunnel SSID is authenticated sucessfuly and have ip address From corporate DHCP server subnet BUT dont have internet.
Thank you for your help.