Wireless Access

Occasional Contributor I

Clearpass guest Captive portal DNS entry

I have a guest network that is running behind a ASA5525 and am using clearpass guest for the captive portal. My question is how do I get the users to resolve the url if I don't have a DNS server in my DMZ network and I don't want to open my internal DNS to my guest network. 

Guru Elite

Re: Clearpass guest Captive portal DNS entry

Either put an entry in public DNS or if the ASA supports DNS proxy, you can use that to create static entries.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Clearpass guest Captive portal DNS entry

So I will have to create a NAT on the ASA
Guest Blogger

Re: Clearpass guest Captive portal DNS entry

NAT May be needed, yes, but not necessarily just for DNS.

If your guest users will only have access to public DNS servers, like, then the DNS name of the captive portal needs to be public. So if your public domain is corp.com, you’ll want a DNS entry for guest.corp.com so that guests can resolve that anywhere. That DNS record may point to a NAT’ed IP address, which is fine. Having the DNS record public ensures that your guests can resolve it without having to use your internal DNS servers to do so.
Search Airheads
Showing results for 
Search instead for 
Did you mean: