The Vpn Device As A Firewall - HP Sa3110 - VPN Server Appliance Reference Manual

The VPN Device The VPN Device The VPN Device The VPN Device
as a Firewall as a Firewall
as a Firewall as a Firewall
Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Network Layout Reference Guide
Table: Table: Behind a Firewall (Inline) Configuration Parameters Behind a Firewall (Inline) Configuration Parameters
Table: Table: Behind a Firewall (Inline) Configuration Parameters Behind a Firewall (Inline) Configuration Parameters
VPN Device (NAT by Router) VPN Device (NAT by Router)
VPN Device (NAT by Router) VPN Device (NAT by Router)
Interface E0:
IP: 10.250.128.2 255.255.255.0
Mode: Red
Interface E1:
IP: 192.168.10.2 255.255.255.0
Mode: Red
Configuration file entries/
routing info:
security profile remote user
remote tunnel johndoe
security-profile remote
user
client-ip 10.250.128.3
255.255.255.255
VPN Client IP: 10.250.128.3
Subnet: 10.250.128.0 (net-
include)
ISP IP: 209.29.128.50
In this scenario, VPN Client traffic is handled either through a
router (inline) or by directly dialing in to the PSTN. The traffic
passes through firewall functionality on the VPN device. The
VPN device may or may not perform NAT before passing the
traffic to the local network.
• For inline router configurations:
— The router accepts all incoming client traffic, then trans-
fers the traffic to the VPN device.
— The third-party firewall may or may not perform NAT
before passing the traffic to the VPN device.
VPN Device (No NAT) VPN Device (No NAT)
VPN Device (No NAT) VPN Device (No NAT)
Interface E0:
IP: 205.25.128.2 255.255.255.0
Mode: Red
Interface E1:
IP: 210.35.129.2 255.255.255.0
Mode: Red
Configuration file entries/routing
info:
security profile remote user
remote tunnel johndoe
security-profile remote user
ip route 209.29.128.50
255.255.255.255 johndoe
VPN Client IP: Uses ISP IP (no
client IP)
Subnet: 205.25.128.0 (net-include)
ISP IP: 209.29.128.50
Client Scenarios
15