Assuming that NAT is working correctly and the firewall is doing its job with NAT, have you looked at DNS? I would verify that you have the correct DNS addresses and that they too are allowed through your FW. Your problem may be deeper than simple ...
My suggestion is that you run a debug from the controller's CLI.

(cisco controller) >debug client xx:xx:xx:xx:xx:xx

When you /release /renew your client's workstation address, you should see an output in the CLI that relates to DHCP requests. This give...