Afternoon,
I've recently just set up an IAP-VPN environment and am now working through authentication services within that environment.
I have tried setting up a ClearPass Device using an IP address range in the format of 192.168.1.1-20 where the range is the same as our inner IP pool for iapvpn. This device is then added to a Device Group where our services then look for the NAD IP within this group, etc.
However, when configured this way, the service categorisation fails when performing an authentication attempt from behind the VPN tunnel, yet when I specify the unique inner tunnel IP and not an IP range for the ClearPass device, service categorisation and, subsequently, authentication succeed correctly.
Before going to TAC, I'm wanting to see if what I'm trying to do by specifying an IP range for a ClearPass device should be OK and work as I expect? Ideally I would like one ClearPass device with the range of our inner tunnel IP range.
Anyone had any experience or best ways of setting up ClearPass devices when VPN tunnels are in use, etc?
Regards
Jono