We have successfully built the first self registration MAB'ed Z policy which authorizes all MACs to hit the CWA and a redirect. WIth Flex you must have an IPV4 and a Flex ACL on the controller that is referenced in the Z result policy. We have this in and it is working to here. Upon completion of the Guest Portal signup, we also reauth, which then combs the Zs for the Guest flow, which is being hit and resulting in a Guest Z Result. Our dilemma is that upon the successful secondary Z, the client will receive the successful completion and the logs also show the successful Z and Z result, but the client can not go anywhere and soon reauths. On the controller, the client has the Guest IPV4 acl. Our big question, is the client supposed to have a cloned flex connect acl also applied, and if so, how do I tweak the Z result to do so as all of the documentation that I could find references are for the redirect only, and that is for a bug workaround until we're on 7.5.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...