2. Platform description

[Figure: deployment setup]

The key element in this use case is the VPN Concentrator. It needs access both to the resources located in the private network and to the Internet.

To provide high availability (HA), we will have 2 vRouter appliances running as a VRRP master/backup pair with synchronized IKE SAs, IPsec counters and address pools.

Each road warrior will use a vRouter appliance. It should have a public IP address assigned by its ISP, and it will also receive a private address from the pool configured on the VPN concentrator during IKE negotiation.

Road warriors connect to the VPN Concentrator through the Internet. One node running a vRouter will represent the Internet. It is the road warriors' default gateway and advertises routes via BGP to the VPN concentrators.

The target resources sought by road warriors are located in the LAN. They will be represented by a Linux VM.