Virtual Private Network: General Design
This page describes design features of our VPN that may be of interest to LAN administrators and helpdesk staff.
The Remote Access VPN (RA-VPN) cluster is highly redundant, leveraging the OIT Data Center High Availability (HA) and connectivity redundancy.
- Redundant physical locations.
- Redundant switching and trunking from the core through to the edge.
- Hot Standby Routing at the core.
- Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks.
The VPN service uses a clustering technology that is activeactive.
- Clustering provides a higher level of assurance.
- Clustering provides higher scaling than the traditional failover models.
- All members are active, and share in the overall load.
The infrastructure is "Virtual Routing and Forwarding (VRF)-enabled."
- By default, all VPN Workgroups use a common VRF "vpn" to communicate.
- Some customers will have a demonstrated need to drop the decrypted traffic within a specific VRF.
The infrastructure is "Firewall Enabled."
- Some VPN workgroups require the ability to firewall the traffic that comes from or goes to their clients.
- The ability to offload the firewalling via Fortigate firewall can be useful.
For more information, including downloads and guides, please go to our VPN Web page.