We have a controller dedicated for RAPs and tunnel termination from each of the local controllers in the enterprise.
This controller is located in the DMZ of the data center. We want to have this controller be redundant with another same controller.
We want to be able to only modify one controller and the changes to replicate to the redundant one.
Seeing how tunnels can terminate on a VRRP, we can solve the tunnel redundancy that way. We should be able to use the same for the RAP redundancy correct? We would just nat the outside IP to the inside VRRP address right?