{"pageModel":{"attributes":{"id":"","name":"121108.dita","viewName":"DitaDetail"},"elements":{"ditaContent":{"name":"DITAContent","value":"<article id=\"manage-regions-and-ip-pools\" class=\"topic concept\">\r\n<h1 class=\"title topictitle1\">Manage Regions and IP Pools</h1>\r\n<div class=\"body conbody\">\r\n<p class=\"p\">When setting up a VPN profile, you choose the Secure Access region where your data center is\r\n      located, which determines where the VPN traffic will be routed within your network. </p>\r\n<ul class=\"ul\">\r\n<li class=\"li\">\r\n<p class=\"p\">A Secure Access region is a cluster of data centers in a specific geographic area, such\r\n          as the Northeastern United States or Western Europe. It is best practice to choose a\r\n          region that is geographically close to users; this reduces latency because data reaches\r\n          the users more quickly. We strongly recommend adding two regions located as close together\r\n          as possible to support failover conditions. </p>\r\n</li>\r\n<li class=\"li\">\r\n<p class=\"p\">An IP address pool is a sequential range of IP addresses within a certain network. You\r\n          can have multiple pool configurations. VPN profiles require IP addressing pools in order\r\n          to be fully-functional. In addition, control plane traffic such as RADIUS is sourced from\r\n          the Secure Access IP address pools defined as the System IP pool on the dashboard.</p>\r\n</li>\r\n<li class=\"li\">\r\n<p class=\"p\">Ensure the IP addresses inluded in System IP pool are allowed to communicate with\r\n          necessary services hosted on your premises such as Radius servers, DNS servers, CRL/OCSP\r\n          servers, and other components of Secure Access.</p>\r\n</li>\r\n</ul>\r\n<p class=\"p\">For more information, see  <a data-scope=\"local\" target=\"\" href=\"docs/csa/olh/121077.dita\" title=\"\">Add an IP Pool</a>.</p>\r\n<section id=\"section_pyp_5jx_g3c\" class=\"section\">\r\n<h2 class=\"title sectiontitle\">Failover in Regions and IP Pools</h2>\r\n<p class=\"p\">For every region selected in this process Secure Access polls different locations within\r\n        that region to ensure the best VPN connectivity is promoted. To ensure that when failover\r\n        happens in your region your environment does not affect your connectivity, we recommend\r\n        adding at least two regions as geographically close as possible. This protects and ensure\r\n        user connectivity because if data center A is not operating correctly or is experiencing\r\n        connectivity issues and becomes unavailable, data center B remains active and detects the\r\n        drop. Data center B automatically loadbalances users from data center A; this action appears\r\n        as a reset and then users are transferred from data center A to data center B. If you create\r\n        two data centers in two different regions, the IP addresses may not be viable. </p>\r\n<p class=\"p\">To address failover we strongly recommend adding two regions and also to commiting to twice\r\n        the number of IP addresses in your IP pools to cover all of the users per data center. That\r\n        means that if there are 150 users per region, you should create a combined IP pool that\r\n        contains at least 300 IP addresses to accommodate the additional users in a failover\r\n        scenario. </p>\r\n</section>\r\n</div>\r\n</article>\r\n","ditaVal":"","format":"html"},"bookTitle":{"value":""},"shortDescription":{"value":""}}},"parameters":{"appId":"SecureAccess","topicAlias":"manage-ip-pools"}}