Chapter 2 installing the ssl312, Choosing a network topology, Single arm – NETGEAR ProSafe SSL312 User Manual

2-1

v1.1, November 2006

Chapter 2

Installing the SSL312

This chapter describes how to install the ProSafe SSL VPN Concentrator 25 SSL312. The
installation includes choosing a network topology, configuring the IP addressing scheme,
connecting the SSL312, and provisioning the SSL certificate.

Choosing a Network Topology

The physical connection of the SSL VPN Concentrator to your network is determined by the
network topology you choose. There are two common network topologies for installing the SSL
VPN Concentrator: single arm or routing. Variations of these topologies are possible, particularly
if your firewall supports a DMZ connection.

Single Arm

In the single arm, or one port, topology, the SSL VPN Concentrator’s Ethernet Port 1 is connected
to your corporate Ethernet network behind your existing firewall, while Ethernet Port 2 is not used.
The single active Ethernet port hosts both the encrypted connection to the Internet and the
decrypted connection to the corporate network’s resources.

As shown in the following figure, encrypted SSL traffic from a remote user passes through the
firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays
the portal and resources authorized for that user. The user’s subsequent requests for network
services are decrypted by the SSL VPN Concentrator and relayed to the appropriate corporate
network servers.