Table of Contents
Advertisement
35.3 Scenario 3 - IPsec: Multiple Datacenter Deployment with Primary and Backup Controllers for Redundancy
● 172.16.20.0/24 subnet is used for NAT mode – used for wired network.
●
● Contractors are only permitted to reach 10.16.0.0/16 network.
AP Configuration
This section provides information on configuration steps performed through the CLI and the
UI.
Table 35- 3
AP Configuration for Scenario 3—IPsec: Multiple Datacenter Deployment
Configuration Steps
1. Configure the primary IP address.
This IP address is the Public IP ad-
dress of the controller. Fast Failover is
enabled for fast convergence.
2. Configure routing profiles to tunnel
traffic through IPsec.
3. Configure Enterprise DNS for split
DNS. The example in the next column
uses a specific enterprise domain to
tunnel all DNS queries matching that
domain to corporate.
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
Client count in each branch is 200.
CLI Commands
(scalance)(config)# vpn primary <public IP
of primary controller>
(scalance)(config) # vpn backup <public IP
of backup controllers>
(scalance)(config)# vpn preemption
(scalance)(config)# vpn fast-failover
(scalance)(config)# routing-profile
(scalance)(routing-profile)# route 0.0.0.0
0.0.0.0
<public IP of primary controller>
(scalance)(routing-profile)# route 10.0.0.0
255.0.0.0 <public IP of backup controller>
(scalance)(config)# internal-domains
(scalance)(domains)# domain-name corpdo-
main.com
AP-VPN Deployment Scenarios
UI Procedure
See Configuring an IPsec
Tunnel
See Configuring Routing
Profiles
See Configuring Enterpri-
se Domains
543
Hide quick links:
Advertisement
Table of Contents
