HP Sa3110 - VPN Server Appliance Manual page 89

HP VPN Server Appliance SA3110/SA3150/SA3400/SA3450 - Virtual Private Networking Concepts Guide
Tunnel Terminates in the Red (Trusted) Network, Destined for the Black (Untrusted) Network
Tunnel Terminates on the Black (Untrusted) Network, Destined for the Black (Untrusted) Network

Hewlett-Packard Company Virtual Private Networking Concepts Guide
The third possibility is that the tunnel terminates in the red
(trusted) network, but the traffic is destined for the black
(untrusted) network. In other words, although the traffic is
destined for an untrusted location, the opposing device has sent
the traffic through a safe tunnel to the trusted side of the
network. The packets must then pass through the firewall back
to the black (untrusted) interface.
Figure: Tunnel Terminates on the Red (Trusted) Network, Destined for the Black (Untrusted) Network (figure label: "Tunnel terminates on the Red")
Finally, the tunnel may terminate on the black (untrusted)
network and the traffic be destined for the black (untrusted)
network. In this case the packets do not need to cross the
firewall.
Tunnel Termination and Firewall Rules
Figure label: Firewall rule allows traffic through to the Black
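
The following sketch is an added example, not code from the HP manual or the appliance. It models the decision described above: decrypted traffic crosses the firewall only when the zone where the tunnel terminates differs from the zone of the destination. It generalizes to all four termination/destination combinations, of which this page describes two. The addresses, the rule format, the function names and the default-deny behavior are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the manual):
# the red (trusted) side is 10.1.0.0/16; everything else is black (untrusted).
RED_NETS = [ipaddress.ip_network("10.1.0.0/16")]

# Constructed firewall rules for traffic that must cross between zones.
# Each rule: (from_zone, to_zone, destination network, port or None for any).
RULES = [
    ("red", "black", ipaddress.ip_network("198.51.100.0/24"), 443),
]

def zone_of(addr):
    """Classify an address as 'red' (trusted) or 'black' (untrusted)."""
    ip = ipaddress.ip_address(addr)
    return "red" if any(ip in net for net in RED_NETS) else "black"

def route_decrypted(termination_zone, dst_addr, dst_port, rules=RULES):
    """Decide what happens to a packet after it leaves the tunnel.

    Returns (crosses_firewall, verdict). A packet whose destination zone
    matches the zone where the tunnel terminates never reaches the firewall.
    Otherwise a rule must allow it; no match means drop (assumed default-deny).
    """
    if termination_zone not in ("red", "black"):
        raise ValueError("termination_zone must be 'red' or 'black'")
    dst_zone = zone_of(dst_addr)
    if dst_zone == termination_zone:
        return (False, "forward")
    ip = ipaddress.ip_address(dst_addr)
    for from_zone, to_zone, net, port in rules:
        if ((from_zone, to_zone) == (termination_zone, dst_zone)
                and ip in net and port in (None, dst_port)):
            return (True, "forward")
    return (True, "drop")

if __name__ == "__main__":
    # Constructed test traffic covering the two cases on this page.
    for term, dst, port in [("red", "198.51.100.7", 443),
                            ("red", "203.0.113.9", 443),
                            ("black", "203.0.113.9", 443)]:
        print(term, dst, port, route_decrypted(term, dst, port))
```

The second sample packet shows the practical consequence of terminating on the red side: without a matching red-to-black rule, traffic that arrived through the tunnel is dropped at the firewall.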