This chapter describes how to install the ProSafe SSL VPN Concentrator 25 SSL312. The
installation includes choosing a network topology, configuring the IP addressing scheme,
connecting the SSL312, and provisioning the SSL certificate.
This chapter includes these topics:
•
Choosing a Network Topology
•
Initial Connection to the SSL VPN Concentrator
•
Accessing the Management Interface
•
Configuring Basic Network Settings
•
Installing the SSL VPN Concentrator
•
Managing Certificates
•
Steps for Further Configuration
Choosing a Network Topology
The physical connection of the SSL VPN Concentrator to your network is determined by the
network topology you choose. There are two common network topologies for installing the SSL
VPN Concentrator: single arm or routing. Variations of these topologies are possible, particularly
if your firewall supports a DMZ connection.
Single Arm
In the single arm, or one port, topology, the SSL VPN Concentrator's Ethernet Port 1 is connected
to your corporate Ethernet network behind your existing firewall, while Ethernet Port 2 is not used.
The single active Ethernet port hosts both the encrypted connection to the Internet and the
decrypted connection to the corporate network's resources.
As shown in the following figure, encrypted SSL traffic from a remote user passes through the
firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays
the portal and resources authorized for that user. The user's subsequent requests for network
Installing the SSL312
v2.1, November 2008
Chapter 2
2-1