Secure tunnel behind NAT

About the secure tunnel option, when the controller is deployed behind NAT this is not supported at this moment.
known issues:

o Availability pair, if two Controller behind NAT can’t be identified
o Image upgrade fails if Controller behind NAT

When do we support secure tunnel for controllers behind a NAT device?



2 replies

Userlevel 7
We support this model now. I would suggest the ap's at a min be on the latest code (8.32.07 for example). The ap to controller communication is udp 13907 (AP Registration) and udp 4500 (secure tunnel).

Userlevel 7
Updated: If the controller is behind a NAT'd interface the access point will only learn the private side address during the registration process not the public address. At this time it's not a supported configuration.