Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3133
Views
5
Helpful
4
Replies

VPN-PassThrough with wlc 5508 7.0.235.0

a-kushner
Level 1
Level 1

‎11-21-2012 01:17 AM - edited ‎07-03-2021 11:05 PM

HI, i have 2 ssid with the same comfiguration (diff only in name) in one ipsec ssid vpn (l2tp over ipsec with natt ) works fine, in another after phase 2 is completed no traffic is forwarded and vpn session is dropped.

There are no access lists on equipment.

I found in documentation that need to activate L3 security and set it to vpn pass-through, but in drop-down menu only one item "none".

What is the reason to drop ipsec traffic  ?

Labels:
0 Helpful
4 Replies 4

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎11-21-2012 03:43 PM

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70wlan.html#wpmkr1140732

Configure a WLAN for VPN passthrough using the controller CLI by entering this command:

•config wlan security passthru {enable | disable} wlan_id gateway

For gateway, enter the IP address of the router that is terminating the VPN tunnel.

Verify that the passthrough is enabled by entering this command:

•show wlan

I see the drop down showing vpn passthrough for 7.0.116.0 and the applicable cli.

0 Helpful

a-kushner
Level 1
Level 1
In response to Saravanan Lakshmanan

‎11-21-2012 06:05 PM

(Cisco Controller) >config wlan security ?

802.1X         Configures 802.1X.

cond-web-redir Configured Conditional Web Redirect.

splash-page-web-redir Configured Splash-Page Web Redirect.

static-wep-key Configures static WEP keys on a WLAN.

web-auth       Configures Web authentication.

web-passthrough Configures Web Captive Portal with no authentication required.

wpa            Configures WPA/WPA2 Support for a WLAN

ckip           Configures CKIP Security on WLAN.

tkip           Configures TKIP MIC countermeasures hold-down timer (0-60 seconds)

passthru is mising here too, i will try to downgrade to

7.0.116.0

0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎11-21-2012 04:13 PM

use code 7.0.116.0, what you're seeing is a bug and it require to fix. please open tac case and refer this link.

0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎11-22-2012 12:26 PM

vpn passthrough is not a supported feature on 5500 based WLCs, however it does support on 4400/Wism1. It is a bug that gui and cli shows the feature configurations on unsupported platforms however using ACLs vpn passthrough is still supported.

http://www.cisco.com/en/US/partner/docs/wireless/controller/release/notes/crn7_2_111_3.html#wp786160

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70ovrv.html#wp1154082

***********

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70wlan.html#wp1084908

The VPN Passthrough option is not available on Cisco 5500 Series and Cisco 2100 Series Controllers. However, you can replicate this functionality on a Cisco 5500 or 2100 Series Controller by creating an open WLAN using an ACL.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card