2. Platform description

[Figure: deployment setup (../_images/deployment-setup.jpg)]

The key element in this use case is the Security Gateway. It needs access both to the resources located in the private network and to the Internet.

To provide high availability (HA), we will have 2 VSR appliances running as VRRP master/backup with synchronized IKE SAs, IPsec counters and address pools.

Each road warrior will use a VSR appliance. It should have a public IP address assigned by its ISP, and it will also receive a private address from the pool configured on the Security Gateway during IKE negotiation.

Road warriors connect to the Security Gateway through the Internet. One node running a VSR will represent the Internet. It is the road warriors’ default gateway and advertises routes via BGP to the Security Gateways.

The target resources sought by road warriors are located in the LAN. They will be represented by a Linux VM.