We are trying to implement a Guest wireless network on a new WLC 5508 which connects to the Internet via a Windows 2008R2 server running Forefront Threat Management Gateway, beyond which there's an ASA and then the Internet. The Windows server also provides DHCP and DNS to the WLAN clients.
The problem we're having is that the TMG server will not return packets to a wireless client. We boot the wireless client, it picks up a DHCP address (from the TMG server), we open a browser and try to access the Internet; result: nothing. If we run Wireshark on the client we can see the DHCP request and response, and we see the DNS request, but no reply comes back. On the TMG server, in the TMG live log, we can see that it is dropping the packets to the client with the following error message:
A packet was dropped because its destination IP address is unreachable.
We've tried attaching a wired PC to the same VLAN and it can obtain an IP address from the TMG server, get DNS resolution from the TMG server and access the Internet, so we know the problem must lie between the TMG server and the WLC 5508, but we can't determine whether it's something the WLC is doing which "masks" the client from the TMG server or something in the TMG server which is preventing it from communicating with the client.
If we open a browser on the client and enter http://184.108.40.206/login.html we get the login page and can authenticate (we have no DNS Host Name on the Virtual Interface, we've tried it with and without, no difference either way) but after that, nothing. We can see the client making repeated DNS requests and the return packets for each one are dropped by the TMG server with the message above.