Scenario 2-Ipsec: Single Datacenter With Multiple Controllers For Redundancy - Aruba IAP-335 User Manual

Scenario 2—IPsec: Single Datacenter with Multiple Controllers for
Redundancy
This scenario includes the following configuration elements:
A VRRP instance between the master/standby-master pair, which is configured as the primary VPN IP
l
address.
Tunneling of all traffic to datacenter.
l
Exception route to bypass tunneling of RADIUS and AirWave traffic, which are locally reachable in the
l
branch and the Internet, respectively.
All client DNS queries are tunneled to the controller.
l
Distributed, L3 and Centralized, L2 mode DHCP on all branches. L3 is used by the employee network and L2
l
is used by the guest network with captive portal.
Wired and wireless users in L2 and L3 modes.
l
Access rules defined for wired and wireless networks.
l
Topology
Figure 124 shows the topology and the IP addressing scheme used in this scenario.
Figure 124 Scenario 2—IPsec: Single Datacenter with Multiple controllers for Redundancy
The following IP addresses are used in the examples for this scenario:
10.0.0.0/8 is the corporate network
l
10.20.0.0/16 subnet is reserved for L2 mode – used for guest network
l
10.30.0.0/16 subnet is reserved for L3 mode
l
Client count in each branch is 200
l
401 | IAP-VPN Deployment Scenarios Aruba Instant 6.5.0.0-4.3.0.0 | User Guide