NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

.

Firewall/Router IP Address 192.168.1.254

Corporate Server

IP Address 192.168.1.3

LAN Subnet 192.168.1.0/24

SSL312 IP Address 192.168.1.1

Figure 2-1

Single arm mode has the advantage of being protected by your firewall.

In later steps, you will use the following settings when configuring for single arm operation.

Assign Ethernet Port 1 an IP address on your local network.

Disable Ethernet Port 2.

Disable Routing Mode.

Define a default route to the firewall.

If your firewall performs NAT, you must configure the firewall to forward incoming HTTPS traffic to the IP address of Ethernet Port 1.

Note: NETGEAR recommends single arm operation for most networks.

Routing

In the routing, or two port, topology, the SSL VPN Concentrator is connected in parallel with your existing firewall. Ethernet Port 1 is connected to the untrusted side of your firewall, while Ethernet Port 2 connects to your corporate network.

As shown in the following figure, encrypted SSL traffic from a remote user is sent directly to the SSL VPN Concentrator, which authenticates the user and displays the portal and resources

2-2

Installing the SSL312

v2.0, May 2007

Page 19 Page 21
Page 20
Image 20
NETGEAR SSL312 manual Routing
Page 19 Page 21
Top Page Image Contents