Chapter 2

Installing the SSL312

This chapter describes how to install the ProSafe SSL VPN Concentrator 25 SSL312. The installation includes choosing a network topology, configuring the IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate.

Choosing a Network Topology

The physical connection of the SSL VPN Concentrator to your network is determined by the network topology you choose. There are two common network topologies for installing the SSL VPN Concentrator: single arm or routing. Variations of these topologies are possible, particularly if your firewall supports a DMZ connection.

Single Arm

In the single arm, or one port, topology, the SSL VPN Concentrator’s Ethernet Port 1 is connected to your corporate Ethernet network behind your existing firewall, while Ethernet Port 2 is not used. The single active Ethernet port hosts both the encrypted connection to the Internet and the decrypted connection to the corporate network’s resources.

As shown in the following figure, encrypted SSL traffic from a remote user passes through the firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays the portal and resources authorized for that user. The user’s subsequent requests for network services are decrypted by the SSL VPN Concentrator and relayed to the appropriate corporate network servers.

2-1

v2.0, May 2007

Page 19
Image 19
NETGEAR manual Chapter Installing the SSL312, Choosing a Network Topology, Single Arm