VPN-PassThrough with wlc 5508

Hi, I have 2 SSIDs with the same configuration (they differ only in name). On one SSID, IPsec VPN (L2TP over IPsec with NAT-T) works fine; on the other, after phase 2 is completed, no traffic is forwarded and the VPN session is dropped.

There are no access lists on equipment.

I found in the documentation that I need to activate L3 security and set it to VPN pass-through, but the drop-down menu has only one item, "none".

What is the reason for dropping IPsec traffic?

Cisco Employee

Configure a WLAN for VPN passthrough using the controller CLI by entering this command:

•config wlan security passthru {enable | disable} wlan_id gateway

For gateway, enter the IP address of the router that is terminating the VPN tunnel.

Verify that the passthrough is enabled by entering this command:

•show wlan

I see the drop down showing vpn passthrough for and the applicable cli.


(Cisco Controller) >config wlan security ?

802.1X         Configures 802.1X.

cond-web-redir Configured Conditional Web Redirect.

splash-page-web-redir Configured Splash-Page Web Redirect.

static-wep-key Configures static WEP keys on a WLAN.

web-auth       Configures Web authentication.

web-passthrough Configures Web Captive Portal with no authentication required.

wpa            Configures WPA/WPA2 Support for a WLAN

ckip           Configures CKIP Security on WLAN.

tkip           Configures TKIP MIC countermeasures hold-down timer (0-60 seconds)

passthru is missing here too, I will try to downgrade to

Cisco Employee

Use code, what you're seeing is a bug and it requires a fix. Please open a TAC case and refer to this link.

Cisco Employee

VPN passthrough is not a supported feature on 5500-based WLCs; however, it is supported on 4400/WiSM1. It is a bug that the GUI and CLI show the feature configuration on unsupported platforms; however, using ACLs, VPN passthrough is still supported.


The VPN Passthrough option is not available on Cisco 5500 Series and Cisco 2100 Series Controllers. However, you can replicate this functionality on a Cisco 5500 or 2100 Series Controller by creating an open WLAN using an ACL.
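
One possible shape for the ACL mentioned in the last reply, for the L2TP over IPsec with NAT-T case from the question. This is an added example, not configuration posted in the thread or taken from Cisco documentation; the ACL name vpn-only, WLAN ID 2 and gateway address 192.0.2.1 are placeholders, and lines starting with ! are annotations, not commands. It assumes controller ACLs are stateless and end in an implicit deny, so return traffic gets its own rules and anything else the clients need has to be permitted separately.

```cisco
! Placeholders (assumptions): ACL vpn-only, WLAN ID 2, VPN gateway 192.0.2.1
config acl create vpn-only
! Rules 1-2: IKE, UDP (protocol 17) port 500, client to gateway and back
config acl rule add vpn-only 1
config acl rule direction vpn-only 1 in
config acl rule protocol vpn-only 1 17
config acl rule destination address vpn-only 1 192.0.2.1 255.255.255.255
config acl rule destination port range vpn-only 1 500 500
config acl rule action vpn-only 1 permit
config acl rule add vpn-only 2
config acl rule direction vpn-only 2 out
config acl rule protocol vpn-only 2 17
config acl rule source address vpn-only 2 192.0.2.1 255.255.255.255
config acl rule source port range vpn-only 2 500 500
config acl rule action vpn-only 2 permit
! Rules 3-4: NAT-T, UDP port 4500 (carries IKE and ESP once NAT is detected)
config acl rule add vpn-only 3
config acl rule direction vpn-only 3 in
config acl rule protocol vpn-only 3 17
config acl rule destination address vpn-only 3 192.0.2.1 255.255.255.255
config acl rule destination port range vpn-only 3 4500 4500
config acl rule action vpn-only 3 permit
config acl rule add vpn-only 4
config acl rule direction vpn-only 4 out
config acl rule protocol vpn-only 4 17
config acl rule source address vpn-only 4 192.0.2.1 255.255.255.255
config acl rule source port range vpn-only 4 4500 4500
config acl rule action vpn-only 4 permit
! Rules 5-6: native ESP (IP protocol 50), used when no NAT is in the path
config acl rule add vpn-only 5
config acl rule direction vpn-only 5 in
config acl rule protocol vpn-only 5 50
config acl rule destination address vpn-only 5 192.0.2.1 255.255.255.255
config acl rule action vpn-only 5 permit
config acl rule add vpn-only 6
config acl rule direction vpn-only 6 out
config acl rule protocol vpn-only 6 50
config acl rule source address vpn-only 6 192.0.2.1 255.255.255.255
config acl rule action vpn-only 6 permit
! Commit the ACL, attach it to the WLAN, then review the rule set
config acl apply vpn-only
config wlan acl 2 vpn-only
show acl detailed vpn-only
```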