Routing, Routing -2 – NETGEAR ProSafe SSL312 User Manual

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

2-2

Installing the SSL312

v1.1, November 2006

.

Single arm mode has the advantage of being protected by your firewall.

In later steps, you will use the following settings when configuring for single arm operation.

•

Assign Ethernet Port 1 an IP address on your local network.

•

Disable Ethernet Port 2.

•

Disable Routing Mode.

•

Define a default route to the firewall.

•

If your firewall performs NAT, you must configure the firewall to forward incoming HTTPS
traffic to the IP address of Ethernet Port 1.

Routing

In the routing, or two port, topology, the SSL VPN Concentrator is connected in parallel with your
existing firewall. Ethernet Port 1 is connected to the untrusted side of your firewall, while Ethernet
Port 2 connects to your corporate network.

As shown in the following figure, encrypted SSL traffic from a remote user is sent directly to the
SSL VPN Concentrator, which authenticates the user and displays the portal and resources

Figure 2-1

Note: NETGEAR recommends single arm operation for most networks.

Corporate Server
IP Address 192.168.1.3

SSL312 IP Address
192.168.1.1

Firewall/Router

IP Address

192.168.1.254

LAN Subnet
192.168.1.0/24