AP-VPN Deployment
20.2 Configuring AP and Controller for AP-VPN Operations
SCALANCE W1750D UI
332
Configuration Manual, 02/2018, C79000-G8976-C451-02
Configuring Routing Profiles
The routing profile on the AP determines whether the traffic destined to a subnet must be
tunneled through IPsec or bridged locally. If the routing profile is empty, the client traffic will
always be bridged locally. For example, if the routing profile is configured to tunnel 10.0.0.0/8,
the traffic destined to 10.0.0.0/8 will be forwarded through the IPsec tunnel and the traffic
to all other destinations is bridged locally.
You can also configure a routing profile with 0.0.0.0 as the gateway to allow both the client and
AP traffic to be routed through a non-tunnel route. If the gateway is in the same subnet as
the uplink IP address, it is used as a static gateway entry. A static route can be added to all
master and slave APs for these destinations. The VPN traffic from the local subnet of the AP or
the VC IP address in the local subnet is not routed to the tunnel, but is switched to the
relevant VLAN. For example, when a 0.0.0.0/0.0.0.0 routing profile is defined, to bypass
certain IPs, you can add a route to the IP by defining 0.0.0.0 as the destination, thereby
forcing the traffic to be routed through the default gateway of the AP.
You can configure routing profiles through More > VPN > Controller UI. For step-by-step
procedural information on configuring a routing profile, see Configuring Routing Profiles
(Page 323).
Note
The AP network has only one active tunnel even when fast failover is enabled. At any given
time, traffic can be tunneled only to one VPN host.
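The following Python sketch is an added example, not code from the manual or the product. It models the forwarding decision described above so that a profile can be reviewed for destinations that leave outside the IPsec tunnel. It assumes the most specific matching route wins; the function names, the result labels and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample profile as (destination, gateway) pairs. A gateway of
# 0.0.0.0 marks a non-tunnel route; 192.0.2.10 is a placeholder VPN host.
SAMPLE_PROFILE = [
    ("0.0.0.0/0", "192.0.2.10"),      # tunnel all traffic to the VPN host
    ("198.51.100.25/32", "0.0.0.0"),  # exception: via the AP default gateway
    ("203.0.113.0/24", "0.0.0.0"),    # exception: via the AP default gateway
]


def classify(dst, profile, local_subnet=None):
    """Return 'local', 'tunnel' or 'bypass' for one destination IP address."""
    addr = ipaddress.ip_address(dst)
    # Traffic for the AP's local subnet is switched to the VLAN, not tunneled.
    if local_subnet and addr in ipaddress.ip_network(local_subnet):
        return "local"
    best = None
    for dest, gateway in profile:
        net = ipaddress.ip_network(dest)
        # Assumption: the most specific (longest prefix) match is used.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return "local"  # empty profile or no match: bridged locally
    return "bypass" if best[1] == "0.0.0.0" else "tunnel"


def tunnel_exceptions(profile):
    """List non-tunnel routes that carve a hole in a tunneled prefix."""
    nets = [(ipaddress.ip_network(d), g) for d, g in profile]
    tunneled = [n for n, g in nets if g != "0.0.0.0"]
    return sorted(
        str(n) for n, g in nets
        if g == "0.0.0.0" and any(n.subnet_of(t) for t in tunneled)
    )


if __name__ == "__main__":
    for ip in ("10.1.2.3", "198.51.100.25", "203.0.113.7"):
        print(ip, classify(ip, SAMPLE_PROFILE))
    print("review these exceptions:", tunnel_exceptions(SAMPLE_PROFILE))
```

Each entry returned by `tunnel_exceptions` is traffic that is not protected by IPsec, so it is worth confirming against the intended split-tunnel policy.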
Configuring DHCP Profiles
You can create DHCP profiles to determine the AP-VPN mode of operation. An AP network
can have multiple DHCP profiles configured for different modes of AP-VPN. You can
configure up to eight DHCP profiles. For more information on the AP-VPN modes of
operation, see AP-VPN Forwarding Modes (Page 327).
You can create any of the following types of DHCP profiles for the AP-VPN operations:
● Local
● Local, L2
● Local, L3
● Distributed, L2
● Distributed, L3
● Centralized, L2
● Centralized, L3