SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
327
Understanding AP-VPN Architecture
The AP-VPN architecture includes the following two components:
● APs at branch sites
● Controller at the datacenter
The master AP at the branch site acts as the VPN endpoint and the controller at the datacenter acts as the VPN concentrator. When an AP is set up for VPN, it forms an IPsec tunnel to the controller to secure sensitive corporate data. IPsec authentication and authorization between the controller and the APs are based on the RAP whitelist configured on the controller: an AP whose MAC address is not in that whitelist cannot bring up the tunnel.
Note
Only the master AP in an AP cluster forms the VPN tunnel.
From the controller's perspective, the master APs that form the VPN tunnels are VPN clients. The controller terminates the VPN tunnels and routes or switches the VPN traffic. The AP cluster creates an IPsec or GRE VPN tunnel from the virtual controller (VC) on the master AP at the branch site to a Mobility Controller at the datacenter. The controller acts only as an IPsec or GRE VPN endpoint; it does not configure the AP.
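Because the RAP whitelist is the only thing that authorizes a branch master AP to the controller, it is worth auditing offline before a rollout: a master that is missing from the list cannot bring up its tunnel, and stale entries are standing authorization for devices that no longer exist. The script below is an added example, not code from the SCALANCE or Aruba product; the whitelist export format (one "mac,description" line per entry) and the sample data are assumptions constructed for the example, so adapt parse_whitelist() to your controller's real export.

```python
"""Offline audit of a controller RAP whitelist against the branch master APs.

Added example; not part of the SCALANCE W1750D or Aruba documentation.
The export format parsed here ("mac,description" per line, '#' comments)
is an assumption for the example.
"""
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC address to lower-case, colon-separated form.

    Accepts 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e, 001a.2b3c.4d5e and
    001a2b3c4d5e. Anything else raises ValueError so that a typo in a
    whitelist entry is reported instead of silently never matching an AP.
    """
    hexdigits = re.sub(r"[:\-.\s]", "", mac.strip().lower())
    if not MAC_RE.match(hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_whitelist(text: str) -> dict:
    """Parse 'mac,description' lines into {canonical_mac: description}.

    Blank lines and '#' comments are ignored; a MAC listed twice (possibly
    in two different spellings) is an error rather than a silent merge.
    """
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        mac, _, desc = line.partition(",")
        key = normalize_mac(mac)
        if key in entries:
            raise ValueError(f"line {lineno}: duplicate whitelist entry {key}")
        entries[key] = desc.strip()
    return entries


@dataclass
class AuditResult:
    # branch name -> master MAC that is NOT whitelisted (its tunnel cannot come up)
    missing: dict
    # whitelisted MAC -> description, with no known branch master using it
    excess: dict


def audit(whitelist: dict, masters: dict) -> AuditResult:
    """Compare the whitelist with the planned masters (branch -> master AP MAC)."""
    wanted = {branch: normalize_mac(mac) for branch, mac in masters.items()}
    missing = {b: m for b, m in wanted.items() if m not in whitelist}
    known = set(wanted.values())
    excess = {m: d for m, d in whitelist.items() if m not in known}
    return AuditResult(missing=missing, excess=excess)


# Constructed sample data for the example; not taken from any real controller.
SAMPLE_WHITELIST = """\
# mac,description
00:1A:2B:3C:4D:5E,branch-01 master
00-1a-2b-3c-4d-60,branch-02 master
001a.2b3c.4d70,old lab AP
"""
SAMPLE_MASTERS = {
    "branch-01": "001a2b3c4d5e",
    "branch-02": "00:1A:2B:3C:4D:60",
    "branch-03": "00:1a:2b:3c:4d:61",
}

if __name__ == "__main__":
    result = audit(parse_whitelist(SAMPLE_WHITELIST), SAMPLE_MASTERS)
    for branch, mac in result.missing.items():
        print(f"MISSING: {branch} master {mac} is not whitelisted; "
              "its IPsec tunnel will not authenticate")
    for mac, desc in result.excess.items():
        print(f"EXCESS: {mac} ({desc}) is whitelisted but no branch master uses it")
```

Run it against the real export before cutting a branch over: every "MISSING" line is a branch whose tunnel will fail authentication, and every "EXCESS" line is an entry to remove so the whitelist authorizes only the master APs that actually terminate on this controller.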
AP-VPN Scalability Limits
The controller scalability in AP-VPN architecture depends on factors such as IPsec tunnel
limit, Branch ID limit, and datapath route table limit. The following table provides the AP-VPN
scalability information for various controller platforms:
Table 20-1 AP-VPN Scalability
N/A N/A
● Branch ID limit: the number of AP-VPN branches that can be terminated on a given controller platform.
● Datapath route table limit: the number of L3 routes supported on the controller.