BOC behind internet line needs to connect to ClearPass
07-27-2017 02:04 AM
For a redesign I'm facing the following design question:
One of our customers would like to deploy a BOC behind an internet line (no fixed IP address) that is NATed. The master controller is in the DMZ zone, so we can connect without issue.
However, they also have a ClearPass (not in the DMZ) that they want to use for the captive portal for the guest users. For now the guests are in the same flat IP VLAN distributed by the ISP (overlapping with the campus network).
How would I proceed so that the clients can connect to the ClearPass?
So far I'm thinking of this as a solution:
Create a new routed VLAN on the BOC for the guests, create an IP route on the BOC terminated on the IPsec map of the master controller and vice versa, with a non-overlapping IP range. Source-NAT the normal user traffic out to the public internet line and direct-route the ClearPass traffic via the BOC to the master and then to the ClearPass.
Would this be possible?
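The proposed design boils down to two decisions per guest packet: traffic for the ClearPass subnet is routed unchanged into the IPsec tunnel towards the master, everything else is source-NATed out the local internet line. The one precondition the post calls out is that the new guest VLAN must not overlap the campus range, otherwise ClearPass has no unambiguous return path through the tunnel. The following Python model, added here as an illustration and not part of the original post or of any Aruba product, encodes that policy as a longest-prefix-match route table plus the overlap check. All addresses (CAMPUS_NETS, CLEARPASS_NET, GUEST_VLAN, PUBLIC_IP) are constructed assumptions, not values from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addressing (assumptions, not from the original post).
CAMPUS_NETS = [ipaddress.ip_network("10.0.0.0/16")]      # campus / flat ISP-distributed range
CLEARPASS_NET = ipaddress.ip_network("10.0.50.0/24")     # ClearPass sits inside the campus range
GUEST_VLAN = ipaddress.ip_network("172.16.200.0/24")     # new routed guest VLAN on the BOC
PUBLIC_IP = "203.0.113.7"                                # address the ISP currently hands the BOC

# Route table on the BOC for guest-VLAN traffic: (prefix, next hop). The default
# route goes out the internet line behind source NAT; the ClearPass prefix is
# terminated on the IPsec map towards the master and is NOT NATed.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "nat-to-internet"),
    (CLEARPASS_NET, "ipsec-to-master"),
]


def validate_guest_vlan(guest, campus_nets):
    """Return (ok, clashes). The guest VLAN must not overlap any campus prefix,
    otherwise replies from ClearPass cannot be routed back through the tunnel."""
    clashes = [n for n in campus_nets if guest.overlaps(n)]
    return len(clashes) == 0, clashes


def lookup(dst, routes):
    """Longest-prefix match over the route table."""
    best = None
    for prefix, hop in routes:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, hop)
    if best is None:
        raise LookupError(f"no route for {dst}")
    return best[1]


@dataclass(frozen=True)
class Decision:
    path: str   # which egress the BOC uses
    src: str    # source address the destination will see


def forward(src_ip, dst_ip, guest=GUEST_VLAN, routes=ROUTES, public_ip=PUBLIC_IP):
    """Decide how the BOC forwards one guest packet."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    if src not in guest:
        raise ValueError(f"{src} is not in the guest VLAN {guest}")
    hop = lookup(dst, routes)
    if hop == "ipsec-to-master":
        # Routed end to end: ClearPass sees the real guest address, so the
        # captive portal can map the session back to the client.
        return Decision(hop, str(src))
    # Source NAT on the internet line: the public address replaces the guest IP.
    return Decision(hop, public_ip)


if __name__ == "__main__":
    ok, clashes = validate_guest_vlan(GUEST_VLAN, CAMPUS_NETS)
    print("guest VLAN ok:", ok, "clashes:", clashes)
    print(forward("172.16.200.10", "10.0.50.5"))   # portal traffic -> tunnel
    print(forward("172.16.200.10", "198.51.100.9"))  # internet traffic -> NAT
```

Running the overlap check with a guest VLAN carved out of the campus range (for example 10.0.200.0/24 against 10.0.0.0/16) reports the clash, which is exactly the situation the flat ISP VLAN is in today.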