Cisco Support Community

WLC 5508 & Forefront Threat Management Gateway.

We are trying to implement a Guest wireless network on a new WLC 5508 which connects to the Internet via a Windows 2008R2 server running Forefront Threat Management Gateway, beyond which there's an ASA and then the Internet. The Windows server also provides DHCP and DNS to the WLAN clients.

The problem we're having is that the TMG server will not return packets to a wireless client. We boot the wireless client, it picks up a DHCP address (from the TMG server), we open a browser and try to access the Internet; result: nothing. If we run Wireshark on the client we can see the DHCP request and response, and we see the DNS request, but no reply comes back. On the TMG server, in the TMG live log, we can see that it is dropping the packets to the client with the following error message:

A packet was dropped because its destination IP address is unreachable.

We've tried attaching a wired PC to the same VLAN and it can obtain an IP address from the TMG server, get DNS resolution from the TMG server and access the Internet, so we know the problem must lie between the TMG server and the WLC 5508, but we can't determine whether it's something the WLC is doing which "masks" the client from the TMG server or something in the TMG server which is preventing it from communicating with the client.

If we open a browser on the client and enter we get the login page and can authenticate (we have no DNS Host Name on the Virtual Interface, we've tried it with and without, no difference either way) but after that, nothing. We can see the client making repeated DNS requests and the return packets for each one are dropped by the TMG server with the message above.

Any advice would be much appreciated.

The WLC is running Software Version
