Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
746
Views
0
Helpful
7
Replies

REAP over a VPN Tunnel

d.beaver
Level 1
Level 1

‎05-16-2006 03:37 AM - edited ‎07-04-2021 12:05 PM

I have an off-site location that has a DSL 5 meg pipe to it (5M down, 512K up) and I have a site to site VPN tunnel going across that link. I am having trouble getting one Airespace 1030 REAP AP to connect back to the controller over the VPN tunnel. I got the REAP AP to see the controller by plugging it in locally at my main site, but when I take it down to my remote site, it will not connect to the controller. I didn't know if the VPN tunnel can support the LWAPP traffic. Is anyone else doing this? Thanks for any help in advance.

Labels:
0 Helpful
7 Replies 7

a-vazquez
Level 6
Level 6

‎05-22-2006 07:00 AM

LWAPP only support one UDP port for Control tunnel and Data Tunnel. LWAPP protocol uses UDP packets.

0 Helpful

d.beaver
Level 1
Level 1
In response to a-vazquez

‎05-22-2006 12:15 PM

Ok, dumb that down for me a little. What does UDP have to do with passing the LWAPP traffic across the VPN tunnel? Can it be done?

Thanks,

Dave

0 Helpful

STEPHAN BERGFELD
Level 1
Level 1
In response to d.beaver

‎05-23-2006 04:30 AM

this sounds like a ppoe link.

there are problems with fragmentation on the controller site.

there fixed for recent versions.

but smaller mtu sizes only supported in reap mode !

still no luck for non reap mode aps

0 Helpful

mikegallagher
Level 1
Level 1

‎05-23-2006 08:01 AM

I ran across the same problem and it turned out to be a bug. The JOIN message from the AP was being fragmented (into three packets) and not properly understood by the controller, resulting in the controller claiming the AP had an invalid cert. If you're using IPsec for the tunnel, add this to the interface on the remote router that contains the crypto map:

crypto ipsec fragmentation after-encryption

Hope that helps you.

0 Helpful

mikegallagher
Level 1
Level 1
In response to mikegallagher

‎05-23-2006 11:54 AM

FYI, the bug id is CSCsb88424. Supposedly fixed in 3.2(116.21), however it looks like it was not, or I ran across a different strain of the bug. DEs are investigating now.

0 Helpful

d.beaver
Level 1
Level 1
In response to mikegallagher

‎05-23-2006 01:53 PM

Mike,

You are the man! Thanks for the heads up on the bug. We are running the latest version so you're right, the bug still exists. We will try this tomorrow and see if we can get everything working like it should.

Thanks again.

Dave

0 Helpful

STEPHAN BERGFELD
Level 1
Level 1
In response to d.beaver

‎05-24-2006 12:37 AM

Hi,

same to me but:

the bug is only fixed if ap is reap mode

not fixed for local mode !

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card