HP VPN Server Appliance sa3110/sa3150/sa3400/sa3450 Network Layout Reference Guide
Client Scenarios
Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450 Network Layout Reference Guide
5
Table:
Table:Table:
Table:
Inline Router Configuration Parameters
Inline Router Configuration ParametersInline Router Configuration Parameters
Inline Router Configuration Parameters
In Parallel With
In Parallel With In Parallel With
In Parallel With
Firewall
Firewall Firewall
Firewall
(Extranet or
(Extranet or (Extranet or
(Extranet or
Intranet)
Intranet)Intranet)
Intranet)
In this scenario, VPN Client traffic is handled either through a
router (inline) or by directly dialing in to the PSTN. In addition,
there is a third-party firewall on the network handling firewall
functionality.
• For inline router configurations:
— The router accepts all incoming client traffic, then trans-
fers the traffic to the VPN device.
— The VPN device then transfers the traffic to the local
network to which it is attached.
— The VPN device is in router mode and does not perform
firewall functions.
NAT by Router
NAT by RouterNAT by Router
NAT by Router No NAT
No NATNo NAT
No NAT
Interface E0:
IP: 10.250.128.2 255.255.255.0
Mode: Red
Interface E0:
IP: 205.25.128.2 255.255.255.0
Mode: Red
Interface E1:
IP: 192.168.10.2 255.255.255.0
Mode: Red
Interface E1:
IP: 210.35.129.2 255.255.255.0
Mode: Red
Configuration file entries/
routing info:
security profile remote user
remote tunnel johndoe
security-profile remote
user
client-ip 10.250.128.3
255.255.255.255
Configuration file entries/routing
info:
security profile remote user
remote tunnel johndoe
security-profile remote user
ip route 209.29.128.50
255.255.255.255 john doe
VPN Client IP: 10.250.128.3 VPN Client IP: Uses ISP IP (no
client IP)
Subnet: 10.250.128.0 (net-
include)
Subnet: 205.25.128.0 (net-include)
ISP IP: 209.29.128.50 ISP IP: 209.29.128.50