REAP over a VPN Tunnel

May 16th, 2006

I have an off-site location that has a DSL 5 meg pipe to it (5M down, 512K up) and I have a site to site VPN tunnel going across that link. I am having trouble getting one Airespace 1030 REAP AP to connect back to the controller over the VPN tunnel. I got the REAP AP to see the controller by plugging it in locally at my main site, but when I take it down to my remote site, it will not connect to the controller. I didn't know if the VPN tunnel can support the LWAPP traffic. Is anyone else doing this? Thanks for any help in advance.

a-vazquez Mon, 05/22/2006 - 07:00

LWAPP only supports one UDP port for the Control tunnel and the Data tunnel. The LWAPP protocol uses UDP packets.

d.beaver Mon, 05/22/2006 - 12:15

Ok, dumb that down for me a little. What does UDP have to do with passing the LWAPP traffic across the VPN tunnel? Can it be done?



STEPHAN BERGFELD Tue, 05/23/2006 - 04:30

This sounds like a PPPoE link.

There are problems with fragmentation on the controller site.

They're fixed for recent versions.

But smaller MTU sizes are only supported in REAP mode!

Still no luck for non-REAP mode APs.

mikegallagher Tue, 05/23/2006 - 08:01

I ran across the same problem and it turned out to be a bug. The JOIN message from the AP was being fragmented (into three packets) and not properly understood by the controller, resulting in the controller claiming the AP had an invalid cert. If you're using IPsec for the tunnel, add this to the interface on the remote router that contains the crypto map:

crypto ipsec fragmentation after-encryption

Hope that helps you.
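
An added example, not part of the original thread: a simplified Python model of the two IPsec fragmentation modes that the `crypto ipsec fragmentation` command switches between, showing which packets reach the controller in each mode. The packet sizes, the 1492-byte WAN MTU and the 60-byte ESP overhead are assumed values, not figures from this thread.

```python
IP_HDR = 20  # IPv4 header without options


def ip_fragment(packet_len, mtu):
    """Split one IPv4 packet (total length, bytes) into fragment lengths that fit mtu."""
    if packet_len <= mtu:
        return [packet_len]
    per_frag = (mtu - IP_HDR) // 8 * 8  # non-final fragments carry a multiple of 8 bytes
    payload = packet_len - IP_HDR
    frags = []
    while payload > per_frag:
        frags.append(IP_HDR + per_frag)
        payload -= per_frag
    frags.append(IP_HDR + payload)
    return frags


def through_tunnel(inner_packets, wan_mtu, esp_overhead, mode):
    """Return (packet sizes on the WAN link, packet sizes delivered to the controller)."""
    wire, delivered = [], []
    for pkt in inner_packets:
        if mode == "before-encryption":
            # Cleartext is fragmented first and each piece is encrypted on its own,
            # so the pieces are still separate packets after decryption.
            pieces = ip_fragment(pkt, wan_mtu - esp_overhead)
            wire += [p + esp_overhead for p in pieces]
            delivered += pieces
        elif mode == "after-encryption":
            # The whole packet is encrypted, then the ESP packet is fragmented;
            # the peer router reassembles it before decrypting.
            wire += ip_fragment(pkt + esp_overhead, wan_mtu)
            delivered.append(pkt)
        else:
            raise ValueError(f"unknown mode: {mode}")
    return wire, delivered


# Constructed sample values (assumptions for illustration only)
JOIN_PACKETS = [1500, 300]  # a JOIN message leaving the AP as two IP packets
WAN_MTU = 1492              # typical PPPoE DSL link
ESP_OVERHEAD = 60           # tunnel-mode ESP overhead; real value depends on the transform

if __name__ == "__main__":
    for mode in ("before-encryption", "after-encryption"):
        wire, delivered = through_tunnel(JOIN_PACKETS, WAN_MTU, ESP_OVERHEAD, mode)
        print(f"{mode:18} wire={wire} controller sees={delivered}")
```

With these assumed sizes the controller receives three packets in the before-encryption mode and the original two in the after-encryption mode, because in the second case reassembly happens on the VPN peer rather than on the controller.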

mikegallagher Tue, 05/23/2006 - 11:54

FYI, the bug id is CSCsb88424. Supposedly fixed in 3.2(116.21), however it looks like it was not, or I ran across a different strain of the bug. DEs are investigating now.

d.beaver Tue, 05/23/2006 - 13:53
You are the man! Thanks for the heads up on the bug. We are running the latest version so you're right, the bug still exists. We will try this tomorrow and see if we can get everything working like it should.

Thanks again.


STEPHAN BERGFELD Wed, 05/24/2006 - 00:37
Same for me, but:

The bug is only fixed if the AP is in REAP mode.

Not fixed for local mode!

