
2
Configuring Transparent Mode in VPN Environments
To configure transparent mode in a virtual private network environment, you must create a range or group of addresses that will be protected behind the IP address on the bridge. This must be done because addresses cannot be learned dynamically behind a firewall.
Network A
X Y
Z
Group M
Switch
Nokia Platform with Firewall
Switch
ISP
Internet
Firewall B
Network B
00327
In this example, the network administrator of Network A wants to provide Network B with access to certain addresses behind the Nokia Platform with Firewall, which is in transparent mode.
To do this, the network administrator would do the following in the firewall software:
1.Create a group of addresses on Firewall A.
In this case, the network administrator groups together addresses x, y, and z into group M.
2.Create an object for the remote Firewall B.
3.Create a rule, for example, Group M; Network B; Encrypt.
The network administrator on Network B also creates a rule for encrypted traffic through Firewall B.
134 | Nokia Network Voyager for IPSO 4.0 Reference Guide |