03-14-2012 09:29 AM
We haven't implemented VIA yet, so I'd like to confirm whether or not this configuration is possible or not. We have a user that will be using an iPad and would like the ability to VPN back to multiple locations to control local resources at those locations. There is an App running on the iPad that needs to connect to each destination via VPN. It is the same App connecting to multiple destinations. If each location had it's own 600-series controller with a static public IP at each location, could VIA determine, based on destination network, which controller to VPN to? if so, would this be done transparent to the user?
In addition, we would like VIA to operate in split-tunnel so that all non-defined traffic just goes out the iPad's WIFI or 3G internet connection. Hopefully that makes sense. I know that VIA can do split-tunnel to a single VPN destination, my main concern is whether it can use multiple VPN destinations based on the destination subnet.
Destination 1: 192.168.1.0 /24 <---VPN----< VIA ----< iPad
Destination 2: 172.16.10.2 /24 <---VPN----< VIA ----< iPad
Destination 3: 192.168.50.0 /24 <---VPN----< VIA ----< iPad
Solved! Go to Solution.
03-14-2012 09:50 AM - edited 03-14-2012 09:51 AM
VIA can't simultaneously form multiple connections to multiple controllers. VIA forms an IPsec to only one controller at any given time. A user can manually select which controller he wants to connect but VIA won't start forming IPsec connections to multiple controllers based on the destination.
However, since you have a 600 at each site with static IP you can connect VIA to one location and form IPsec tunnels between other controllers. So, VIA will connect to controller X and the Controller X will forward traffic to other controllers based on the destination (this might increase the bandwidth a little at controller X location). You can also load balance , where a set on users will connect to controller X by default and the another set of users connect to controller Y and the rest to controller Z and so on. This way not all users terminate at one controller at all the time. VIA also supports split-tunneling.
03-14-2012 11:15 AM
Thanks, Sathya. That does help, but let me clarify our situation a little more. The iPad will NOT need to form multiple IPSEC tunnels simultaneously...only one at a time.
Example: iPad needs to access resources at Destination A. VIA builds IPSEC tunnel automatically to Controller A. Then, iPad needs to access resources at Destination C. VIA builds new IPSEC tunnel to Controller C, thus disconnecting the original tunnel. Is that possible?