Virtual Private Network: General Design

This page describes design features of our VPN that may be of interest to LAN administrators and helpdesk staff.

The Remote Access VPN (RA-VPN) cluster is highly redundant, leveraging the OIT Data Center High Availability (HA) and connectivity redundancy.

  • Redundant physical locations.
  • Redundant switching and trunking from the core through to the edge.
  • Hot Standby Routing at the core.
  • Hot Standby Router Protocol (HSRP) provides network redundancy for IP networks.

The VPN service uses a clustering technology that is active-active.

  • Clustering provides a higher level of assurance.
  • Clustering provides higher scaling than the traditional failover models.
  • All members are active, and share in the overall load.

The infrastructure is "Virtual Routing and Forwarding (VRF)-enabled."

  • By default, all VPN Workgroups use a common VRF "vpn" to communicate.
  • Some customers will have a demonstrated need to place their decrypted traffic in a specific VRF.

The infrastructure is "Firewall Enabled."

  • Some VPN workgroups require the ability to firewall the traffic that comes from or goes to their clients.
  • The ability to offload firewalling to a FortiGate firewall can be useful.

 

For more information, including downloads and guides, please go to our VPN Web page.