cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2528
Views
5
Helpful
4
Replies
Highlighted
Beginner

VPN-PassThrough with wlc 5508 7.0.235.0

HI, i have 2 ssid with the same comfiguration (diff only in name) in one ipsec ssid vpn (l2tp over ipsec with natt ) works fine, in another after phase 2 is completed no traffic is forwarded and vpn session is dropped.

There are no access lists on equipment.

I found in documentation that need to activate L3 security and set it to vpn pass-through, but in drop-down menu only one item "none".

What is the reason to drop ipsec traffic  ?

4 REPLIES 4
Highlighted
Cisco Employee

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70wlan.html#wpmkr1140732

Configure a WLAN for VPN passthrough using the controller CLI by entering this command:

•config wlan security passthru {enable | disable} wlan_id gateway

For gateway, enter the IP address of the router that is terminating the VPN tunnel.

Verify that the passthrough is enabled by entering this command:

•show wlan

I see the drop down showing vpn passthrough for 7.0.116.0 and the applicable cli.

Highlighted

(Cisco Controller) >config wlan security ?

802.1X         Configures 802.1X.

cond-web-redir Configured Conditional Web Redirect.

splash-page-web-redir Configured Splash-Page Web Redirect.

static-wep-key Configures static WEP keys on a WLAN.

web-auth       Configures Web authentication.

web-passthrough Configures Web Captive Portal with no authentication required.

wpa            Configures WPA/WPA2 Support for a WLAN

ckip           Configures CKIP Security on WLAN.

tkip           Configures TKIP MIC countermeasures hold-down timer (0-60 seconds)

passthru is mising here too, i will try to downgrade to

7.0.116.0

Highlighted
Cisco Employee

use code 7.0.116.0, what you're seeing is a bug and it require to fix. please open tac case and refer this link.

Highlighted
Cisco Employee

vpn passthrough is not a supported feature on 5500 based WLCs, however it does support on 4400/Wism1. It is a bug that gui and cli shows the feature configurations on unsupported platforms however using ACLs vpn passthrough is still supported.

http://www.cisco.com/en/US/partner/docs/wireless/controller/release/notes/crn7_2_111_3.html#wp786160

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70ovrv.html#wp1154082

***********

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70wlan.html#wp1084908

The VPN Passthrough option is not available on Cisco 5500 Series and Cisco 2100 Series Controllers. However, you can replicate this functionality on a Cisco 5500 or 2100 Series Controller by creating an open WLAN using an ACL.

Content for Community-Ad

This widget could not be displayed.