Scenario 3-Ipsec: Multiple Datacenter Deployment With Primary And Backup Controllers For Redundancy - Aruba IAP-335 User Manual

Scenario 3—IPsec: Multiple Datacenter Deployment with Primary
and Backup Controllers for Redundancy
This scenario includes the following configuration elements:
Multiple controller deployment model with controllers in different data centers operating as
l
primary/backup VPN with Fast Failover and preemption enabled.
Split-tunneling of traffic.
l
Split-tunneling of client DNS traffic.
l
Two Distributed, L3 mode DHCPs, one each for employee and contractors; and one Local mode DHCP
l
server.
RADIUS server within corporate network and authentication survivability enabled for branch survivability.
l
Wired and wireless users in L3 and NAT modes, respectively.
l
Access rules for wired and wireless users with source-NAT-based rule for contractor roles to bypass global
l
routing profile.
OSPF based route propagation on controller.
l
Topology
Figure 125 shows the topology and the IP addressing scheme used in this scenario.
Figure 125 Scenario 3—IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for
Redundancy
The IP addressing scheme used in this example is as follows:
10.0.0.0/8 is the corporate network.
l
10.30.0.0/16 subnet is reserved for L3 mode –used by Employee SSID.
l
405 | IAP-VPN Deployment Scenarios Aruba Instant 6.5.0.0-4.3.0.0 | User Guide