connection via iap and controller via icmp is ok
80:8d:b7:cf:71:c6# ping 172.24.0.254
Press 'q' to abort.
PING 172.24.0.254 (172.24.0.254): 56 data bytes
64 bytes from 172.24.0.254: icmp_seq=0 ttl=64 time=1.8 ms
64 bytes from 172.24.0.254: icmp_seq=1 ttl=64 time=1.1 ms
64 bytes from 172.24.0.254: icmp_seq=2 ttl=64 time=0.7 ms
64 bytes from 172.24.0.254: icmp_seq=3 ttl=64 time=1.6 ms
64 bytes from 172.24.0.254: icmp_seq=4 ttl=64 time=1.3 ms
--- 172.24.0.254 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.7/1.3/1.8 ms
no firewall between iap and controller
80:8d:b7:cf:71:c6# show datapath session | include 172.24.126.183
172.24.0.1 172.24.126.183 17 53 60364 0 0 0 1 dev19 3b 0 0 FNI
172.24.0.1 172.24.126.183 17 53 62542 0 0 0 1 dev19 47 0 0 FNI
172.24.0.1 172.24.126.183 17 53 52655 0 0 0 1 dev19 47 0 0 FNI
172.24.0.1 172.24.126.183 17 53 57985 0 0 0 0 dev19 8 1 82 FNI
172.24.0.1 172.24.126.183 17 53 63876 0 0 0 1 dev19 39 0 0 FNI
172.24.0.1 172.24.126.183 17 53 63911 0 0 0 0 dev19 3b 0 0 FNI
172.24.0.1 172.24.126.183 17 53 60999 0 0 0 0 dev19 47 0 0 FNI
172.24.0.1 172.24.126.183 17 53 52318 0 0 0 0 dev19 18 1 93 FNI
172.24.0.1 172.24.126.183 17 53 62224 0 0 0 1 dev19 47 0 0 FNI
172.24.0.1 172.24.126.183 17 53 52432 0 0 0 1 dev19 47 0 0 FNI
172.24.0.1 172.24.126.183 17 53 61428 0 0 0 1 dev19 49 0 0 FNI
172.24.0.1 172.24.126.183 17 53 58804 0 0 0 0 dev19 18 1 9a FNI