NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
.
Firewall/Router IP Address 192.168.1.254
Corporate Server
IP Address 192.168.1.3
LAN Subnet 192.168.1.0/24
SSL312 IP Address 192.168.1.1
Figure
Single arm mode has the advantage of being protected by your firewall.
In later steps, you will use the following settings when configuring for single arm operation.
•Assign Ethernet Port 1 an IP address on your local network.
•Disable Ethernet Port 2.
•Disable Routing Mode.
•Define a default route to the firewall.
•If your firewall performs NAT, you must configure the firewall to forward incoming HTTPS traffic to the IP address of Ethernet Port 1.
Note: NETGEAR recommends single arm operation for most networks.
Routing
In the routing, or two port, topology, the SSL VPN Concentrator is connected in parallel with your existing firewall. Ethernet Port 1 is connected to the untrusted side of your firewall, while Ethernet Port 2 connects to your corporate network.
As shown in the following figure, encrypted SSL traffic from a remote user is sent directly to the SSL VPN Concentrator, which authenticates the user and displays the portal and resources
Installing the SSL312 |
