HP Sa3110 - VPN Server Appliance Reference Manual

HP VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Network Layout Reference Guide

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Network Layout Reference Guide
Hewlett-Packard Company
HP: 5971-0873
P/N: A55307-001
March 2001


Summary of Contents for HP Sa3110 - VPN Server Appliance

  • Page 1 Hewlett-Packard Company HP: 5971-0873 P/N: A55307-001 March 2001...
  • Page 3 The information in this manual is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by Hewlett-Packard Company. Hewlett-Packard Company assumes no responsibility or liability for any errors or inaccuracies that may appear in this document or any software that may be provided in association with this document.
  • Page 5: Table Of Contents

    The VPN Device as a Firewall (With or Without NAT) ..... 27 Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Network Layout Reference Guide...
  • Page 6: Network Layout Reference Guide

    Behind a firewall (one-armed) that may or may not use NAT • Behind a firewall (inline) that may or may not use NAT • VPN device as a firewall (may or may not use NAT)
  • Page 7: Client Scenarios

    Configuring a One-Armed Router Configuration When setting up a VPN device, you must configure many global configuration settings. You configure the VPN device through the HP SA3000 Series VPN Manager or command shell.
  • Page 8: Inline Router Configuration

    (inline) or by directly dialing into the public-switched telephone network (PSTN). • For inline router configurations: — The router accepts all incoming client traffic then transfers the traffic to the VPN device.
  • Page 9 To set up an inline router configuration, use the configuration parameters in the following table. Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 10: In Parallel With Firewall (Extranet Or Intranet)

    — The VPN device then transfers the traffic to the local network to which it is attached. — The VPN device is in router mode and does not perform firewall functions.
  • Page 11 To set up an in parallel with firewall configuration, use the configuration parameters in the following table. Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 12: Bridge Configuration

    — The VPN device may or may not perform firewall functions on the traffic. — The bridge is installed on the internal side of the network with minimal changes to the network topology.
  • Page 13 To set up a bridge configuration, use the configuration parameters in the following table. Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 14: Edge Router Configuration

    The VPN device may or may not perform firewall functions on the traffic. • The VPN Client has no means to perform direct dial to the local network; it must go through a VPN tunnel.
  • Page 15 VPN Device (No NAT) Interface E0: Interface E0: IP: 10.250.128.2 255.255.255.0 IP: 205.25.128.2 255.255.255.0 Mode: Red Mode: Red Interface E1: Interface E1: IP: 210.35.129.2 255.255.255.0 IP: 210.35.129.2 255.255.255.0 Mode: Black Mode: Red
  • Page 16: Behind A Firewall With Or Without Nat (One-Armed)

    VPN device. — The VPN device then decrypts the encrypted VPN traffic and passes it to the local network.
  • Page 17 VPN Device (No NAT) (NAT by Router) Interface E0: Interface E0: IP: 10.250.128.2 255.255.255.0 IP: 205.25.128.2 255.255.255.0 Mode: Red Mode: Red
  • Page 18: Behind A Firewall With Or Without Nat (Inline)

    • For direct dial into the PSTN: — Traffic may go through a router or remote access server, which may or may not perform NAT.
  • Page 19 To set up a behind a firewall (inline) configuration, use the configuration parameters in the following table. Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 20: The Vpn Device As A Firewall

    — The router accepts all incoming client traffic, then transfers the traffic to the VPN device. — The third-party firewall may or may not perform NAT before passing the traffic to the VPN device.
  • Page 21 You configure the VPN device through the VPN Manager or command shell. To set up a VPN device as a firewall configuration, use the configuration parameters in the following table. Note that the ...
  • Page 22 10.250.128.3 255.255.255.255 johndoe 255.255.255.255 VPN Client IP: 10.250.128.3 VPN Client IP: Uses ISP IP (no client IP) Subnet: 10.250.128.0 (net-include) Subnet: 205.25.128.0 (net-include) ISP IP: 209.29.128.50 ISP IP: 209.29.128.50
  • Page 23: Lan-To-Lan Scenarios

    Figure: In Parallel With a Firewall (No NAT)
  • Page 24: In Parallel With A Firewall (With Nat)

    Each VPN device is attached to a router. The routers connect through the Internet and perform NAT. • Traffic travels from one local network, through the LAN-to-LAN connection, to the other local network.
  • Page 25 To set up an in parallel with a firewall (with NAT) configuration, use the configuration parameters in the following table. Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 26: Behind A Firewall (One-Armed) With Or Without Nat

    The VPN device decrypts the encrypted VPN traffic and passes it to the local network. Note: You must add a route to the firewall for the network that ...
  • Page 27 To set up a behind a firewall (one-armed) with NAT configuration, use the configuration parameters in the following table. Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 28 To set up a behind a firewall (one-armed) without NAT configuration, use the configuration parameters in the following table. Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 29: Behind A Firewall That May Or May Not Use Nat (Inline)

    The third-party firewall then passes the traffic to the VPN device B, which is directly attached to it. • The VPN device B decrypts the VPN traffic before passing it to the local network.
  • Page 30 To set up a behind a firewall (inline) configuration, use the configuration parameters in the following tables (with or without NAT). Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 31 VPN Device B (No NAT) Interface E0: Interface E0: IP: 205.25.128.2 255.255.255.0 IP: 210.25.135.2 255.255.255.0 Mode: Red Mode: Red Interface E1: Interface E1: IP: 205.35.129.2 255.255.255.0 IP: 210.35.129.2 255.255.255.0 Mode: Red Mode: Red
  • Page 32: The Vpn Device As A Firewall (With Or Without Nat)

    The VPN device performs firewall functionality on the traffic and may or may not use NAT. • The VPN device B decrypts the VPN traffic before passing it to the local network.
  • Page 33 To set up a VPN device as a firewall configuration, use the configuration parameters in the following tables (with and without NAT). Note that the values of these parameters are examples only; you must enter values specific to your network.
  • Page 34 VPN Device B (No NAT) Interface E0: Interface E0: IP: 205.25.128.2 255.255.255.0 IP: 205.25.128.2 255.255.255.0 Mode: Red Mode: Red Interface E1: Interface E1: IP: 210.35.129.2 255.255.255.0 IP: 210.35.129.2 255.255.255.0 Mode: Red Mode: Red
  • Page 35 Config file entries/routing info: info: security-profile site-to-site security-profile site-to-site site-to-site tunnel SanFrancisco site-to-site tunnel security-profile site-to-site SanFrancisco route 209.29.128.50 255.255.255.0 security-profile site-to-site route 209.29.128.50 255.255.255.255 Subnet: 205.25.128.0 (net-include) Subnet: 205.25.128.0 (net-include)
  • Page 36 Index. B: behind a firewall (inline, with or without NAT; one-armed, with or without NAT); bridge configuration. I: in parallel with a firewall (extranet or intranet; with NAT; without NAT) ...

This manual is also suitable for:

Sa3110, Sa3150, Sa3400, Sa3450