Situation:
- Client connects to the wireless Guest network at a remote office (local controller)
- Client gets redirected to ClearPass (10.10.10.1)
- The connection is routed through an IPsec tunnel
Problem:
- It is not possible to create a route back to the client range (overlapping ranges)
- It is not possible to create a route back to the local controller (overlapping ranges)
To bypass the overlapping-ranges issue, a dummy IP and VLAN were created on the local controller.
This is used for RADIUS packets:
For RADIUS this is working fine.
We also want to use this for showing the guest portal to the client.
Tried to change the policy:
- adding a 'route' rule:
This results in a connection to ClearPass, but with the 'controller IP' instead of the 'dummy IP' (so the routing back doesn't work)
- adding a 'source NAT' rule:
This doesn't even result in a connection to ClearPass, or doesn't show a connection on the controller (using show datapath session table <clientip>)
Any idea on how to combine both? (using routing with a source NAT, defined by the source NAT pool)
An overview drawing can be found below: