Wireless Access

I'm troubleshooting a communication issue between a wirelses client at one locatino communicating with a wired device at another location. Location A has a 620 local controller. Location B has a 620 local controller. The master is a 3200. You can ping from one local to the other with no problem. The problem is that wireless clients at location A cannot connect to a particular device at location B using port 5900. When I look at "show datapath session" on either side, I see the devices making an attempt, however the Flag shows "Y" which means No Sync.

Does anyone have any thoughts on why I'm seeing this? All controllers are running 6.1.3. Thanks in advance.

We will probably need more information like a detailed network diagram.  It is not clear what is going on.

No problem. Here is a basic diagram of the current setup. I have static routes on all devices that provide full connectivity to all other sites.

Also, to clarify, we aren't using site-to-site VPN, but rather just the master-local IPSEC tunnels to communicate between controllers.

So the master/local ipsec tunnels only establish connectivity between the two controllers specifically

If you want to have more clients pass traffic over those tunnels, you have to do that via "ip route x.x.x.x y.y.y.y ipsec map" on both sides to allow them to pass traffic.  In other words, write routes on each side pointing to that IPSEC map for each subnet you want to advertise reachability to.

Yes, we have the static route statements on all of the local controllers. For example, The East local controller has static routes, for all of West's local subnets, that point to the ipsec map. My main question is what would the "No Syn" flag indicate?

guess "no SYN" could mean controller is not responding to the IPsec establishing request. For example, in one of my Lab test, one AP is not licensed, controller shows “No SYN” and keeps dropping IKE request