Static route list – HP Secure Key Manager User Manual

Page 185

Advertising
background image

All responses to incoming packets leave from 10.20.41.1 - except the responses to incoming packets from

the 172.17.7.0 addresses (the local subnet of Ethernet #1). Those responses leave from the Ethernet #1

interface. All connections initiated by the SKM appliance leave from 10.20.41.1.

Example 3. Example 3

InterfaceDefault Gateway

Used for Outgoing Connections

-----------------------------------------------------------------—

Ethernet

#1

172.17.7.1

yes

Ethernet

#2

10.20.41.1

no

In this example:

All responses to incoming packets destined for IPs bound to Ethernet #1 leave from 172.17.7.1.

All responses to incoming packets destined for IPs bound to Ethernet #2 leave from 10.20.41.1.

If packets destined for Ethernet #1 are received by the Ethernet #2 interface, the response packets

will still leave from 172.17.7.1. Likewise, any packets destined for Ethernet #2 that are received by

the Ethernet #1 interface will still leave from 10.20.41.1.

If one of the default gateways should fail, the other interface is not affected. For example, if

172.17.7.1 fails, IPs bound to Ethernet #1 will be unreachable - but the Ethernet #2 interface

will operate normally.

All connections initiated by the SKM appliance (regardless of destination) leave from 172.17.7.1,

because ’Used for Outgoing Connections’ is configured for that gateway. If this gateway fails, all

outgoing connections fail.

Example 4. Example 4

Inter-

face

Default Gateway

Used for Outgoing Connections

-----------------------------------------------------------------—

Ether-

net #1

172.17.7.1

yes

Ether-

net #2

10.20.41.1

no

This configuration is the same as example 3, but in this scenario there are some hosts and networks that

are not reachable through 172.17.7.1. Most often these would be private or secure sub-networks. In such a

case you would add a static route out of 10.20.41.1 so that the SKM appliance can reach the additional

hosts or networks. The static route is shown here:

IP Address

Subnet Mask

Gateway

Interface

-----------------------------------------------------------------—

66.230.200.0

255.255.255.0

10.20.41.1

Ethernet #2

Static Route List

The Static Route features allows you to explicitly specify a route from the SKM to another network device.

Such a route is stored in the routing table on the SKM.

Secure Key Manager

185

Advertising
Popular Brands
Popular manuals