We have a C4110 on release 10.11.03.0004 with 210 APs. A mix of 3935s, 3825s, and 3710s. We have clients that can not user their Cisco VPN software on our main VNS that is bridged at the controller. The tunnel is established but they can not pass traffic over it. When switched over to a VNS that is bridged at the AP the VPN will pass traffic. Both VNSs have "access control" set to allow and allow all (allow 0.0.0.0/0 dest and src) in the policy rules. This problem is only with some VPN software. We use Pulse Secure and it works fine through bridged at controller VNS. Is there something in the way the packets are handled when bridged at controller that would cause this? Would enabling Jumbo Frames help?