Hi All,
I have a customer with a number of IAP clusters at different branches. All have a VPN back to a core controller wwhich has an interface into the DMZ network where we host a clearpass for guest only.
The sites seem to have lost the ability to authenticate guest users although the users can reach the page on CP and create accounts. The VPNs are reported as up on the controller. I don't see any events in access tracker or event viewer on CPPM for these sites. The sites have a low count of users so I am not sure when this issue began although a little while ago we upgraded due to the KRACK vulnerability.
The IAPs are 13x series running 6.4.4.8-4.2.4.9_61734 and the controller is a 7210 running 6.5.3.3 and the VPNs terminate on a VRRP.
The only thing so far that has caught my attention is that the routing table looks different on the cluster that has been reported as not working - on another cluster it has routes (show ip route) to the DMZ address for the CPPM.
Any ideas?