Cisco Support Community

VPN Passthrough and Web Authentication

According to the documentation, if you use VPN Passthrough for security, it is also possible to enable the web authentication (normally, for other security methods, this is not possible). My question is - what does that buy you? My suspicion is that the VPN passthrough basically shunts the authentication/access decision off to the VPN server. No wireless access is allowed without establishing the VPN tunnel, and once that is done, all traffic must traverse that tunnel. However, as a convenience, folks may want to allow users on that SSID to log in via the web authentication, if they want to use a guest-like access for the internet only. Does anyone know if my interpretation of passthrough is correct, and what the thinking with the web authentication capability here is? Thanks!


Re: VPN Passthrough and Web Authentication

Wireless LANs can use web authentication if IPSec is not enabled on the controller. Web Authentication is simple to set up and use, and can be used with SSL to improve the overall security of the wireless LAN. Enter this command to enable web authentication for a wireless LAN:

config wlan security web {enable | disable} wlan-id

Enter show wlan to verify that web authentication is enabled.

IPSec IKE uses IPSec Passthrough to allow IPSec-capable clients to communicate directly with other IPSec equipment. IPSec Passthrough is also known as VPN Passthrough. Enter this command to enable IPSec Passthrough for a wireless LAN:

config wlan security passthru {enable | disable} wlan-id gateway

For gateway, enter the IP address of the IPSec (VPN) passthrough gateway.

Enter show wlan to verify that the passthrough is enabled.