This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Some VPN's will not pass traffic over bridged at controller VNS but will pass traffic over Bridged at AP VNS

Some VPN's will not pass traffic over bridged at controller VNS but will pass traffic over Bridged at AP VNS

Christopher_Tay
Contributor

‎10-27-2016 02:40 PM

We have a C4110 on release 10.11.03.0004 with 210 APs. A mix of 3935s, 3825s, and 3710s. We have clients that can not user their Cisco VPN software on our main VNS that is bridged at the controller. The tunnel is established but they can not pass traffic over it. When switched over to a VNS that is bridged at the AP the VPN will pass traffic. Both VNSs have "access control" set to allow and allow all (allow 0.0.0.0/0 dest and src) in the policy rules. This problem is only with some VPN software. We use Pulse Secure and it works fine through bridged at controller VNS. Is there something in the way the packets are handled when bridged at controller that would cause this? Would enabling Jumbo Frames help?
0 Kudos
3 REPLIES 3

Ronald_Dvorak
Honored Contributor

‎10-28-2016 06:27 PM

I don't think that there is an issue with the MTU on the controller.

To make sure that it's related to the controller I'd connect the client wired to the VLAN that is used for the bridge@EWC VNS and run the test - just to proof that the problem is not on the VLAN/LAN.
0 Kudos

Christopher_Tay
Contributor

‎10-28-2016 05:30 PM

Hello Ron, the bridge@EWC and bridge@AP VNS do not bridge into the same VLAN. I have several bridge@EWC VNS that go to different VLANs with different routers and several bridge@AP VNS that go to different VLANs with different routers. We have experienced the problem on all the bridge@EWC VNSs and it goes away once we move them to one of the bridge@AP VNS. We are a convention centre and we use the bridge@EWC networks for out clients that come in to the building on a short term basis because they are easier to move around. I prefer not to use bridge@AP VNS for this purpose but we do have some in place for staff. The VNS report does show the correct role/default action/PVID. Is there an MTU size issue when using bridge@EWC?
0 Kudos

Ronald_Dvorak
Honored Contributor

‎10-27-2016 03:22 PM

Hi Chris,

I've just tried it with my V2110 running also 10.11.03.0004 and a AP3825 with Cisco AnyConnect Secure Mobile Client version 4.3.01095 and don't have any issues.

You'd remove the allow all "Policy Rule" - you don't need it if the "Access Control" is set to allow.

Just to be sure... the bridge@EWC and bridge@AP VNS bridge into the same VLAN/LAN.

If you go into > VNS > WLAN Services > "bridge@EWC VNS" > Default Topology
Is the correct bridge@EWC topology selected ?

Does the Clients by VNS report show the correct role/default action/PVID for the bridge@EWC SSID ?

-Ron
0 Kudos
GTM-P2G8KFN