Introduction
How to Configure VPN on the Base Station
Resolution
Cisco Aironet Base Stations (BSM and BSE models) provide home users and small offices with wireless connectivity to an intranet or the Internet. The Base Station Ethernet (BSE) model, with an Ethernet RJ-45 port, can be connected to the Internet by digital subscriber line (DSL) or cable modem. The Base Station Modem (BSM) model is equipped with an integrated 56k v.90 dialup modem that enables multiple computers to access the Internet through the legacy phone system.
A typical use of the Base Station unit is to access the Internet over either cable or DSL connection in conjunction with Virtual Private Networking (VPN) technology to provide quick and secure access to the company network.
It is easy to set up the Base Station unit with the Base Station Client Utility (BSCU). This document shows how to set up the unit for use with VPN.
Set Up VPN
IP Security
The first step in VPN setup is to accommodate for the use of the IP Security (IPSec) technology, which is incorporated within the VPN technology. IPSec uses encryption technology to provide data confidentiality, integrity, and authenticity between participating peers in a private network.
IPSec defines a new set of headers that are added to IP datagrams. These headers are placed after the IP header and before the Layer 4 protocol (typically Transmission Control Protocol [TCP] or User Datagram Protocol [UDP]). The result is that the packets go from the local network where the PC is installed through to the internet. These packets are a larger size than non-encrypted packets. The increased size can cause problems to devices that expect normal size packets, because the receiving devices see them as oversized packets.
Adjust the MTU
In order to ensure that receiving devices do not perceive the packets as oversized, you must adjust the size of the Maximum Transmission Unit (MTU) on the PC/host side. Adjust the total maximum size that the packet can take so that it does not exceed the normal size of a non encrypted Ethernet packet. VPN applications typically provides the option to customize the MTU size.
Complete these steps to adjust the MTU in a Cisco Systems VPN client within Microsoft Windows:
Choose Start > Programs > Cisco Systems VPN Client > Set MTU. This window opens:
Select the wireless client adapter that you use to connect to your Base Station unit (in the example shown in Figure 2, Local Area Connection 3).
Under MTU Options, click the 1400 radio button, and then click OK. This causes your PC to transmit packets with 1400 bytes as the maximum. Therefore, the additional IPSec header is accommodated, but the 1518 byte normal maximum size of an Ethernet packet is not exceeded.
Problem Type
Configure / Configuration issues
Products
Base Station
Reference
Using VPN with the Cisco Aironet Base Station