If you do a ping source vlan you will be able to
ping it
you will need to define the ip nat pool (so the traffic will go through the
controller internal IP)
ip NAT pool GUEST-NAT-IP
!
netdestination CLEARPASS-SERVER-DEST
host
!
ip access-list session CLEARPASS-NAT-ACL
user alias CLEARPASS-SERVER-DEST svc-http src-nat pool GUEST-NAT-IP
user alias CLEARPASS-SERVER-DEST svc-https src-nat pool GUEST-NAT-IP
!
user-role guest-logon
access-list session CLEARPASS-NAT-ACL position 3
access-list session captiveportal position 4
access-list session captiveportal position 5
!