AP-VPN Deployment Scenarios
35.2 Scenario 2 - IPsec: Single Datacenter with Multiple controllers for Redundancy
SCALANCE W1750D UI
Configuration Manual, 02/2018, C79000-G8976-C451-02
537
The following IP addresses are used in the examples for this scenario:
●
10.0.0.0/8 is the corporate network
●
10.20.0.0/16 subnet is reserved for L2 mode – used for guest network
●
10.30.0.0/16 subnet is reserved for L3 mode
●
Client count in each branch is 200
●
10.2.2.0/24 is a branch-owned subnet, which needs to override global routing profile
●
199.127.104.32 is used an example IP address of the AirWave server in the Internet
AP Configuration
The following table provides information on the configuration steps performed through the
CLI with example values. For information on the UI procedures, see the topics referenced in
the
UI Procedure
column.
Table 35- 2 AP Configuration for Scenario 2—IPsec: Single Datacenter with Multiple controllers for Redundancy
Configuration Steps
CLI Commands
UI Procedure
1. Configure the primary host
for VPN with the Public VRRP
IP address of the controller.
(scalance)(config)# vpn primary <public VRRP IP
of controller>
See Configuring an IPsec
Tunnel
2. Configure routing profiles to
tunnel traffic through IPsec.
(scalance)(config)# routing-profile
(scalance)(routing-profile)# route 0.0.0.0
0.0.0.0
<public VRRP IP of controller>
See Configuring Routing
Profiles
3. Define routing profileexcep-
tion RADIUS serverand Air-
Wave IPs, since the design
requirement for this solution
requireslocal RADIUSauthenti-
cation, eventhough the IP
matchesthe routing profiledes-
tination.
(scalance)(config)# routing-profile
(scalance)(routing-profile)# route 10.2.2.1
255.255.255.255 0.0.0.0
(scalance)(routing-profile)# route 10.2.2.2
255.255.255.255 0.0.0.0(scalance)(routing-
profile)# route 199.127.104.32255.255.255.255
0.0.0.0
See Configuring Routing
Profiles
4. Configure Enterprise DNS.
The configuration example in
the next column tunnels all
DNS queries to the original
DNS server of clients without
proxying on AP.
(scalance)(config)# internal-domains
(scalance)(domains)# domain-name *
See Configuring Enterprise
Domains
Содержание SCALANCE W1750D UI
Страница 18: ...About this guide SCALANCE W1750D UI 18 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 28: ...About SCALANCE W 3 3 SCALANCE W CLI SCALANCE W1750D UI 28 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 108: ...IPv6 Support 10 4 Debugging Commands SCALANCE W1750D UI 108 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 326: ......
Страница 356: ......
Страница 374: ......
Страница 416: ......
Страница 440: ......
Страница 450: ...Intrusion Detection 27 4 Configuring IDS SCALANCE W1750D UI 450 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 470: ......
Страница 480: ......
Страница 496: ......
Страница 518: ...Hotspot Profiles 33 3 Sample Configuration SCALANCE W1750D UI 518 Configuration Manual 02 2018 C79000 G8976 C451 02 ...
Страница 528: ......
Страница 552: ......
Страница 570: ...Appendix B 3 Glossary SCALANCE W1750D UI 570 Configuration Manual 02 2018 C79000 G8976 C451 02 ...