NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Introduction
v1.1, November 2006
Front Panel
The SSL VPN Concentrator front panel hardware is shown below:
The SSL VPN Concentrator front panel hardware functions are described below:
1. LED Power Indicator:
   Off – No power.
   On – Power is on.
2. LED Self test Indicator:
   Self test – on while initializing (~2 minutes).
   Loading Software – blinking while uploading software.
   System fault – on (prolonged).
   This LED will blink for 1-2 minutes before going off.
3. Two 10/100M Ethernet ports:
   A solid green LED indicates a connectivity link has been established on either the 10M or 100M interface.
   A blinking green LED indicates activity on either the 10M or 100M interface.
4. Serial Console Port:
   Male DB-9 serial port for serial DTE connections.
5. Restore to Factory Defaults Button
Figure 1-1 (front panel, callouts 1 to 5)
Back Panel
The SSL VPN Concentrator back panel hardware is shown below and consists of the power On/Off switch and the 110-240V power cord connection.
Figure 1-2
Note: Never substitute a power cord. Only use the power cord provided with the SSL VPN Concentrator.
Steps for Deploying the SSL312
Three basic steps are involved in deploying the ProSafe SSL VPN Concentrator 25 in your network.
1. Installing the SSL312: choosing a network topology, configuring its IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. Refer to Chapter 2, “Installing the SSL312”.
2. Setting up SSL312 user accounts: creating individual user accounts, grouping users by common access privileges, and defining those privileges. Refer to Chapter 3, “Authenticating Users” and Chapter 4, “Setting Up User and Group Access Policies”.
3. Configuring remote access to corporate network resources through the SSL312: designing the presentation Web portal that will display the available corporate resources to remotely connected users. Refer to Chapter 5, “Configuring the Remote Access Web Portal”.
Chapter 2
Installing the SSL312
This chapter describes how to install the ProSafe SSL VPN Concentrator 25 SSL312. The
installation includes choosing a network topology, configuring the IP addressing scheme,
connecting the SSL312, and provisioning the SSL certificate.
Choosing a Network Topology
The physical connection of the SSL VPN Concentrator to your network is determined by the
network topology you choose. There are two common network topologies for installing the SSL
VPN Concentrator: single arm or routing. Variations of these topologies are possible, particularly
if your firewall supports a DMZ connection.
Single Arm
In the single arm, or one port, topology, the SSL VPN Concentrator’s Ethernet Port 1 is connected
to your corporate Ethernet network behind your existing firewall, while Ethernet Port 2 is not used.
The single active Ethernet port hosts both the encrypted connection to the Internet and the
decrypted connection to the corporate network’s resources.
As shown in the following figure, encrypted SSL traffic from a remote user passes through the
firewall and terminates at the SSL VPN Concentrator, which authenticates the user and displays
the portal and resources authorized for that user. The user’s subsequent requests for network
services are decrypted by the SSL VPN Concentrator and relayed to the appropriate corporate
network servers.
Single arm mode has the advantage of being protected by your firewall.
In later steps, you will use the following settings when configuring for single arm operation.
Assign Ethernet Port 1 an IP address on your local network.
Disable Ethernet Port 2.
Disable Routing Mode.
Define a default route to the firewall.
If your firewall performs NAT, you must configure the firewall to forward incoming HTTPS
traffic to the IP address of Ethernet Port 1.
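The single arm settings listed above can be checked against a deployment plan before anything is cabled. The following is an added example, not part of the NETGEAR manual: the plan and forward-rule dictionaries are hypothetical structures invented here (not an SSL312 or firewall export format), the addresses are the ones labelled in the manual's Figure 2-1, and TCP port 443 is assumed for HTTPS.

```python
import ipaddress

HTTPS = ("tcp", 443)  # assumption: the portal listens on the default HTTPS port

def check_single_arm(plan, forwards):
    """Return findings for a single arm plan; an empty list means it matches the manual."""
    findings = []
    lan = ipaddress.ip_network(plan["lan_subnet"])
    port1 = ipaddress.ip_address(plan["port1_ip"])
    route = ipaddress.ip_address(plan["default_route"])
    firewall = ipaddress.ip_address(plan["firewall_lan_ip"])

    if port1 not in lan:
        findings.append(f"Port 1 address {port1} is not on the LAN {lan}")
    if plan["port2_enabled"]:
        findings.append("Ethernet Port 2 is enabled")
    if plan["routing_mode"]:
        findings.append("Routing Mode is enabled")
    if route != firewall:
        findings.append(f"default route {route} is not the firewall {firewall}")

    if plan["firewall_nat"]:
        to_port1 = [f for f in forwards if ipaddress.ip_address(f["to_ip"]) == port1]
        if not any((f["proto"], f["to_port"]) == HTTPS for f in to_port1):
            findings.append(f"no HTTPS forward to Port 1 ({port1})")
        # Added check, not in the manual: flag any other service exposed on Port 1.
        for f in to_port1:
            if (f["proto"], f["to_port"]) != HTTPS:
                findings.append(f"non-HTTPS forward {f['proto']}/{f['to_port']} to Port 1")
    return findings

# Constructed sample data using the addresses from Figure 2-1.
GOOD_PLAN = {
    "lan_subnet": "192.168.1.0/24", "port1_ip": "192.168.1.1",
    "firewall_lan_ip": "192.168.1.254", "default_route": "192.168.1.254",
    "port2_enabled": False, "routing_mode": False, "firewall_nat": True,
}
GOOD_FORWARDS = [{"proto": "tcp", "to_ip": "192.168.1.1", "to_port": 443}]

# Constructed misconfiguration: Port 2 left on, route and HTTPS forward aimed at the server.
BAD_PLAN = dict(GOOD_PLAN, port2_enabled=True, default_route="192.168.1.3")
BAD_FORWARDS = [
    {"proto": "tcp", "to_ip": "192.168.1.3", "to_port": 443},  # HTTPS sent to the wrong host
    {"proto": "tcp", "to_ip": "192.168.1.1", "to_port": 23},   # extra service on Port 1
]

if __name__ == "__main__":
    for finding in check_single_arm(BAD_PLAN, BAD_FORWARDS):
        print("FINDING:", finding)
```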
Routing
In the routing, or two port, topology, the SSL VPN Concentrator is connected in parallel with your
existing firewall. Ethernet Port 1 is connected to the untrusted side of your firewall, while Ethernet
Port 2 connects to your corporate network.
As shown in the following figure, encrypted SSL traffic from a remote user is sent directly to the
SSL VPN Concentrator, which authenticates the user and displays the portal and resources
Figure 2-1 (diagram labels: Corporate Server, IP address 192.168.1.3; SSL312, IP address 192.168.1.1; Firewall/Router, IP address 192.168.1.254; LAN subnet 192.168.1.0/24)
Note: NETGEAR recommends single arm operation for most networks.
