401 | IAP-VPN Deployment Scenarios Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Scenario 2—IPsec: Single Datacenter with Multiple Controllers for
Redundancy
This scenario includes the following configuration elements:
l A VRRP instance between the master/standby-master pair, which is configured as the primary VPN IP
address.
l Tunneling of all traffic to datacenter.
l Exception route to bypass tunneling of RADIUS and AirWave traffic, which are locally reachable in the
branch and the Internet, respectively.
l All client DNS queries are tunneled to the controller.
l Distributed, L3 and Centralized, L2 mode DHCP on all branches. L3 is used by the employee network and L2
is used by the guest network with captive portal.
l Wired and wireless users in L2 and L3 modes.
l Access rules defined for wired and wireless networks.
Topology
Figure 124 shows the topology and the IP addressing scheme used in this scenario.
Figure 124 Scenario 2—IPsec: Single Datacenter with Multiple controllers for Redundancy
The following IP addresses are used in the examples for this scenario:
l 10.0.0.0/8 is the corporate network
l 10.20.0.0/16 subnet is reserved for L2 mode – used for guest network
l 10.30.0.0/16 subnet is reserved for L3 mode
l Client count in each branch is 200
To Next Page
Loading...
