LWAPP over IPSEC

J_Vansen_S · ‎12-03-2007

Hi All,

I am trying to get a LAP at my remote office to register back to my WLC at HQ,

Remote office is currently using tunnel VPN IPSEC over TCP.

Is that possible?

I tried this setup, but failed to work. Debug dhcp and debug lwapp on the WLC shows nothing at all. LAP at remote site seems unable to find its way back to WLC. I have configured option 43 as according to cisco documentation

PLz advice

jakew · ‎12-03-2007

I'm doing it in my home right now. You might try using the AP console cable to prime the AP instead of DHCP 43.

J_Vansen_S · ‎12-03-2007

my Ap does not have a console port. I am using the Aironet 1030.

Thanks for the hints, but im still none the wiser. Would u mind explaining how u did it?

Richard Atkin · ‎12-04-2007

Presuming you don't have a DHCP / DNS Server in your Remote Office, take the AP in to the main office and provision it there. Configure the Primary WLC, but keep it configured to use DHCP.

Take it back to the remote office, plug it in and it should pickup a DHCP Address and have remembered the WLC IP Address, which it will try to conenct to.

Some possible problems are;

- Routing / Firewall / ACL restrictions between the sites.

- MTU limitations between the sites. MTU needs to be greater than 500 bytes. If this is happening, you should see Crypto errors on the WLC.

J_Vansen_S · ‎12-04-2007

thank you for your advice, i shall look into the possible problems.

I was wondering if IPSEC over TCP is an issue for LWAPP? As i read on the cisco doc saying that LWAPP utilizes udp 12222 and 12223.

Plz advice