Information in this document is provided in connection with
Hewlett-Packard Company products. No license, express or
implied, by estoppel or otherwise, to any intellectual property
rights is granted by this document. Except as provided in
Hewlett-Packard Company’s Terms and Conditions of Sale for
such products, Hewlett-Packard Company assumes no liability
whatsoever, and Hewlett-Packard Company disclaims any
express or implied warranty, relating to sale and/or use of
Hewlett-Packard Company products including liability or
warranties relating to fitness for a particular purpose,
merchantability, or infringement of any patent, copyright or
other intellectual property right. Hewlett-Packard Company
products are not intended for use in medical, life saving, or life
sustaining applications.
Hewlett-Packard Company may make changes to specifications
and product descriptions at any time, without notice.
This Hewlett-Packard VPN Server Appliance SA3110/SA3150/
SA3400/SA3450 Network Layout Reference Guide, as well as
the software described in it, is furnished under license and may
only be used or copied in accordance with the terms of the
license. The information in this manual is furnished for
informational use only, is subject to change without notice, and
should not be construed as a commitment by Hewlett-Packard
Company. Hewlett-Packard Company assumes no responsibility
or liability for any errors or inaccuracies that may appear in this
document or any software that may be provided in association
with this document.
Except as permitted by such license, no part of this document
may be reproduced, stored in a retrieval system, or transmitted
in any form or by any means without the express written consent
of Hewlett-Packard Company.
The purpose of this Network Layout Reference Guide is to help
you install the HP VPN Server Appliance SA3110/SA3150/
SA3400/SA3450 in your network. The term VPN device is used in
this document to refer to all of these devices.
Here are some real-world examples of how the VPN device can
be incorporated into your network infrastructure. Skim through
the following scenarios and find the ones most similar to your
network configuration. Then, note the corresponding
configuration options to help you quickly install the VPN device
into your network.
Scenarios are divided into client and LAN-to-LAN.
Client Scenarios
•One-armed router configuration (VPN server) with no firewall
•Inline router configuration
•In parallel with firewall (for extranet or intranet)
•Bridge configuration
•Edge router configuration
•Behind a firewall (one-armed) that may or may not use
network address translation (NAT)
•Behind a firewall (inline) that may or may not use NAT
•VPN device as a firewall
LAN-to-LAN Scenarios
•In parallel with a firewall and no NAT
•In parallel with a firewall with NAT
•Behind a firewall (one-armed) that may or may not use NAT
•Behind a firewall (inline) that may or may not use NAT
•VPN device as a firewall (may or may not use NAT)
Client Scenarios
If you are using the VPN device with the HP SA3000 Series VPN
Client, skim the following scenarios and find the ones most
similar to your network configuration. Then, use the
corresponding table of configuration parameters as a guideline
when configuring your VPN device and VPN Client.
If you are using the VPN device in LAN-to-LAN configurations,
skip to the next section “LAN-to-LAN Scenarios.”
One-Armed Router Configuration With No Firewall
This scenario shows the following:
•One-armed configuration uses only one of the VPN device’s
two interfaces.
•Firewall is not enabled.
•The VPN device (VPND) acts as a VPN server.
[Figure: One-Armed Configuration With No Firewall. Labels: VPN Client
(Internet connection or direct dial), Internet, PSTN, router, router or
remote access server, VPND (router mode, no firewall functions, E0),
internal network with desktop systems and laser printer.]
Configuring a One-Armed Router Configuration
When setting up a VPN device, you must configure many global
configuration settings. You configure the VPN device through
the HP SA3000 Series VPN Manager or command shell.
To set up a one-armed router configuration, use the
configuration parameters in the following table. Note that the
values of these parameters are examples only; you must enter
values specific to your network.
Table: One-Armed Router Configuration Parameters
NAT by Router
  Interface E0:
    IP: 10.250.128.2 255.255.255.0
    Mode: Red
  Interface E1: (not used for one-armed)
    IP: NA
    Mode: NA
  Configuration file entries/routing info:
    security profile remote user
    remote tunnel johndoe
    security-profile remote user
    client-ip 10.250.128.2
No NAT
  Interface E0:
    IP: 205.25.128.2 255.255.255.0
    Mode: Red
  Interface E1: (not used for one-armed)
    IP: NA
    Mode: NA
  Configuration file entries/routing info:
    security profile remote user
    remote tunnel johndoe
    security-profile remote user
    ip route 209.29.128.50 255.255.255.255 johndoe
  VPN Client IP: Uses ISP IP (no client IP)
  Subnet: 205.25.128.0 (net-include)
Inline Router Configuration
In this scenario, VPN Client traffic is handled either through a
router (inline) or by directly dialing into the public-switched
telephone network (PSTN).
•For inline router configurations:
— The router accepts all incoming client traffic then transfers
the traffic to the VPN device.
— The VPN device then transfers the traffic on to the local
network to which it is attached. The VPN device may or
may not perform firewall functions on the traffic.
•For direct dial into the PSTN:
— Traffic may go through a router or remote access server,
which may or may not perform NAT.
— The traffic then goes through the VPN device, which
may or may not perform firewall functions on the
traffic.
[Figure labels: VPN Client, Internet Connection, Direct Dial, Internal
Network.]
Configuring an Inline Router Configuration
When setting up a VPN device, you must configure many global
configuration settings. You configure the VPN device through
the VPN Manager or command shell.
To set up an inline router configuration, use the configuration
parameters in the following table. Note that the values of these
parameters are examples only; you must enter values specific to
your network.
Table: Inline Router Configuration Parameters
NAT by Router
  Interface E0:
    IP: 10.250.128.2 255.255.255.0
    Mode: Red
  Interface E1:
    IP: 192.168.10.2 255.255.255.0
    Mode: Red
  Configuration file entries/routing info:
    security profile remote user
    remote tunnel johndoe
    security-profile remote user
    client-ip 10.250.128.3 255.255.255.255
  VPN Client IP: 10.250.128.3
  Subnet: 10.250.128.0 (net-include)
  ISP IP: 209.29.128.50
No NAT
  Interface E0:
    IP: 205.25.128.2 255.255.255.0
    Mode: Red
  Interface E1:
    IP: 210.35.129.2 255.255.255.0
    Mode: Red
  Configuration file entries/routing info:
    security profile remote user
    remote tunnel johndoe
    security-profile remote user
    ip route 209.29.128.50 255.255.255.255 johndoe
  VPN Client IP: Uses ISP IP (no client IP)
  Subnet: 205.25.128.0 (net-include)
  ISP IP: 209.29.128.50
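The tables are meant to be re-entered with site-specific values, so the following added example (not part of the HP guide or its software) checks one table column for internal consistency before it is typed into the device. It assumes that client-ip is the address handed to the VPN client, as the "VPN Client IP" row indicates, and that the net-include subnet uses the interface mask 255.255.255.0; check_column and its argument names are hypothetical.

```python
import ipaddress

def check_column(interfaces, subnet=None, client_ip=None, route=None, isp_ip=None):
    """Return consistency findings for one column of a parameter table."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(v) for n, v in interfaces.items()}
    nets = {n: i.network for n, i in ifaces.items()}

    # net-include should name a network the device is attached to.
    if subnet and ipaddress.ip_network(subnet) not in nets.values():
        findings.append(f"net-include {subnet} matches no interface network")

    # NAT column: client-ip is the address given to the VPN client (assumed).
    if client_ip:
        cip = ipaddress.ip_address(client_ip)
        home = [net for net in nets.values() if cip in net]
        if not home:
            findings.append(f"client-ip {cip} is outside every interface network")
        if any(cip in (n.network_address, n.broadcast_address) for n in home):
            findings.append(f"client-ip {cip} is not a usable host address")
        for name, i in ifaces.items():
            if cip == i.ip:
                findings.append(f"client-ip {cip} duplicates interface {name}")

    # No NAT column: the client keeps its ISP address, reached by a host
    # route that points at the tunnel.
    if route:
        dest = ipaddress.ip_network(route, strict=False)
        if dest.prefixlen != 32:
            findings.append(f"tunnel route {dest} is not a host route")
        elif isp_ip and dest.network_address != ipaddress.ip_address(isp_ip):
            findings.append(f"tunnel route {dest} does not match ISP IP {isp_ip}")
        if any(dest.subnet_of(n) for n in nets.values()):
            findings.append(f"tunnel route {dest} overlaps a connected network")
    return findings

M = "255.255.255.0"  # interface mask used throughout the tables
# Values copied from the tables above; the subnet mask is an assumption.
INLINE_NAT = dict(interfaces={"E0": f"10.250.128.2/{M}", "E1": f"192.168.10.2/{M}"},
                  subnet=f"10.250.128.0/{M}", client_ip="10.250.128.3")
INLINE_NO_NAT = dict(interfaces={"E0": f"205.25.128.2/{M}", "E1": f"210.35.129.2/{M}"},
                     subnet=f"205.25.128.0/{M}", isp_ip="209.29.128.50",
                     route="209.29.128.50/255.255.255.255")
ONE_ARMED_NAT = dict(interfaces={"E0": f"10.250.128.2/{M}"}, client_ip="10.250.128.2")

if __name__ == "__main__":
    for label, col in [("inline, NAT by router", INLINE_NAT),
                       ("inline, no NAT", INLINE_NO_NAT),
                       ("one-armed, NAT by router", ONE_ARMED_NAT)]:
        print(label, "->", check_column(**col) or "consistent")
```

Both inline columns come back consistent. The one-armed NAT column, as printed, is reported because its client-ip equals the E0 address.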
In Parallel With Firewall (Extranet or Intranet)
In this scenario, VPN Client traffic is handled either through a
router (inline) or by directly dialing in to the PSTN. In addition,
there is a third-party firewall on the network handling firewall
functionality.
•For inline router configurations:
— The router accepts all incoming client traffic, then transfers
the traffic to the VPN device.
— The VPN device then transfers the traffic to the local
network to which it is attached.
— The VPN device is in router mode and does not perform
firewall functions.
— Traffic is then handed to the third-party firewall, which
performs firewall functions before handing the traffic
onto the local network.
•For direct dial into the PSTN:
— Traffic may go through a router or remote access server,
which may or may not perform NAT.
— The traffic then goes through the VPN device (VPND),
which passes the traffic to the local network.
— The third-party firewall then performs firewall functions
on the traffic before passing it to the local network.
[Figure: In Parallel With Firewall. Labels: VPN Client (Internet
connection or direct dial), Internet, PSTN, routers, remote access server
(may/may not NAT), VPND (router mode, E0, E1), firewall, Network A,
Internal Network B (directly connected to Internet), desktop system,
laser printer, file server.]
Configuring an In Parallel With Firewall Configuration
When setting up a VPN device, you must configure many global
configuration settings. You configure the VPN device through
the VPN Manager or command shell.
To set up an in parallel with firewall configuration, use the
configuration parameters in the following table. Note that the
values of these parameters are examples only; you must enter
values specific to your network.