405 | IAP-VPN Deployment Scenarios Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Scenario 3—IPsec: Multiple Datacenter Deployment with Primary
and Backup Controllers for Redundancy
This scenario includes the following configuration elements:
l Multiple controller deployment model with controllers in different data centers operating as
primary/backup VPN with Fast Failover and preemption enabled.
l Split-tunneling of traffic.
l Split-tunneling of client DNS traffic.
l Two Distributed, L3 mode DHCPs, one each for employee and contractors; and one Local mode DHCP
server.
l RADIUS server within corporate network and authentication survivability enabled for branch survivability.
l Wired and wireless users in L3 and NAT modes, respectively.
l Access rules for wired and wireless users with source-NAT-based rule for contractor roles to bypass global
routing profile.
l OSPF based route propagation on controller.
Topology
Figure 125 shows the topology and the IP addressing scheme used in this scenario.
Figure 125 Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for
Redundancy
The IP addressing scheme used in this example is as follows:
l 10.0.0.0/8 is the corporate network.
l 10.30.0.0/16 subnet is reserved for L3 mode –used by Employee SSID.
To Next Page
Loading...
