Hello Team,
We are doing an office extended setup on a Cisco 5508 controller with 8.5.135 AireOS and a 2702i access point.
The controller is behind a firewall.
Our 5508 controller is not dedicated to the OEAP setup; it is also working as a guest anchor controller, and it is in HA.
Destination NAT is present on the firewall.
On the firewall we have ports 5246 and 5247 open for the real IP to join the controller.
Currently the NAT IP is not configured on the mgmt. interface of the 5508 controller; the option is greyed out on the mgmt. interface of the 5508 controller as it is in HA.
Query
1. Is it mandatory to have the NAT on the 5508 management interface only, or can we do NAT on another part of the network (on the firewall facing towards DMZ-internet)?
Because we did the destination NAT on the firewall side for the management IP of our controller.
The request of the 2702i is coming to the controller using the real IP, the discovery response is also going from the WLC to the destination real IP, and the next exchange is lost somewhere.
2. Our WLC has the 8.5.135 license; we don't require a special DTLS license as it already has DATA+Wplus in the existing AireOS, right?
3. If we configure the NAT directly on the MGMT interface, we need to break HA, enable NAT, and build HA again, and we have the guest mobility tunnel to private IP to all other sites. Will it be a problem for these tunnels?
Many thanks
Shrikant