
IPSec over Flexconnect

My brain is befuddled. Trying to understand what this means.

VPN, IPsec, L2TP, PPTP, Fortress authentication, and Cranite authentication are supported for locally switched traffic, provided that these security types are accessible locally at the access point.

This is from the Flexconnect section for configuration.

http://www.cisco.com/en/US/docs/wireless/ncs/1.1/configuration/guide/hreap.html

Here is why I ask. I have this setup for a customer with multiple locations, WLC centrally located. Guest users are unable to use VPN. The guest networks are routed over a tunnel through another firewall using PBR. So out of this mess, something is causing IPSec to fail, and I want to rule out a limitation on the WLC Flexconnect if possible.


Re: IPSec over Flexconnect

The WLC will not block any traffic unless you have an ACL on the WLC that prevents that connection. Connect a laptop to a wired port on that VLAN and see if it works or not.

-Scott

IPSec over Flexconnect

The sentence means that those mentioned VPN methods won't work if the WLAN is centrally switched. The WLAN should be locally switched and the VPN resources (ASA, etc.) should be on the local network on which the AP resides. Otherwise those are not supported.


IPSec over Flexconnect

The APs are set to local. So if I put a client on the wired in the same VLAN as the wireless, and have them test, if they can connect OK, where should I look next?

Re: IPSec over Flexconnect

So what you're saying is if you put a hardwired client in the same VLAN as the SSID is in (not the AP) then you're able to get out?

Unless you have some form of ACL on the WLC the type of traffic doesn't matter.

Does wireless work on another SSID that's associated with another VLAN?

Do you receive any errors from the VPN client? What type of VPN/client are you using?

Regards,

Aaron

IPSec over Flexconnect

My H-REAP doesn't break the IPsec tunnel, but I have the same question about this sentence.

https://supportforums.cisco.com/message/3913118#3913118
