Here is why I ask. I have this setup for a customer with multiple locations, WLC centrally located. Guest users are unable to use VPN. The guest networks are routed over a tunnel through another firewall using PBR. So out of this mess, something is causing IPSec to fail, and I want to rule out a limitation on the WLC Flexconnect if possible.
The sentence mean that those metnioned VPN methods won't work if the WLAN is centrally switched. The WLAN should be locally switched and the VPN resources (ASA...etc) should be on local network on which the AP resides. Otherwise those are not supported.
Rating useful replies is more useful than saying "Thank you"