sa3450 and sa3000 Series VPN Manager - Release 6.8.2 Release Notes

Hewlett-Packard VPN Server Appliance SA3110/SA3150/SA3400/SA3450

Special Considerations

Outbound Proxy Rule With Dual-Default

Gateways Requires Static Route

Reference Number 262DF

Although a VPN device may have a red default gateway

defined, a black default gateway defined, an outbound

proxy rule, and a requirement to reach services, such as a

RADIUS server or an ACE/Server, you will not be able to

reach the service from the VPN device unless a specific

static route is defined.

IPSec-Default and Remote-Group IPSec

Not Removable

Reference Number 13DF

IPSec-Default and Remote-group IPSec cannot be removed

permanently from a device configuration. Although you

can go through the steps to delete these items and then

attempt to write the configuration change to memory,

when you reboot the device, enter Normal Mode, and enter

the Show Configuration command, the deleted Remote-

group IPSec and the Secure-profile IPSEC-Default are still

present.

This functionality supports policy-based management.

Static Client IP Assignments Using ACL

Typically, Client-IP addresses are not assigned statically in

the Access Control List (ACL). However, if there are

occasions where the addresses are assigned statically in

the ACL, note that an IP address or a range of IP addresses

must be set aside in the group tunnel corresponding to the

ACL.