Showing results for 
Search instead for 
Did you mean: 

vSZ essential - site to site vpn - remote ap issue

New Contributor

I have site to site vpn between 2 locations.(all traffic allowed)

i can ping/ssh from each location to device.

when i setup the vsz ip on ap it connects to vsz - i approve it - move it to correct group and then :

- AP connected

-AP heartbeat lost

-AP disconnected

-AP connected

-AP heartbeat lost

but ping / ssh working. Ap shows online but not receiving AP Firmware 

Configuration Status - New configuration




Hello Alex,

Hope you doing good today!

Please check the following:

1. Verify if required firewall ports are opened for communication between the AP and the vSZ. If all the ports are allowed, then check if there is any packet drop seen on the firewall between the AP and the vSZ.

Reference document on the firewall ports:

Please note, AP communicates to the control plane of the vSZ, hence communication should be allowed for the control-plane interface.

2. VPN MTU size: Try to reduce the VPN MTU size to 1200 and see if it helps. See if no jumbo frames are enabled on the uplinks.

Sarita Shekhar | CCNA | CWNA
Senior Technical Support Engineer,