NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
Installing the SSL312 2-3
v2.0, May 2007
authorized for that user. The user’s subsequent requests for network services are decrypted by the
SSL VPN Concentrator and relayed to the appropriate network servers on the corporate network.
Routing mode has the advantage of unloading SSL traffic from your firewall. However, your
network may not be as well protected since the firewall can not inspect this traffic.
In later steps, you will use the following settings when configuring for routing operation.
• Assign Ethernet Port 1 a public IP address.
• Assign Ethernet Port 2 an IP address on your local network.
• Enable Routing Mode.
Initial Connection to the SSL VPN Concentrator
In its factory default state, the SSL VPN Concentrator Ethernet Port 1 IP address is 192.168.1.1
and the Ethernet Port 2 IP address is 10.0.0.1. Unless these default IP addresses are compatible
with your network, you must configure and connect a computer directly to Ethernet Port 1 for
initial configuration including reassignment of the Ethernet Port IP addresses. This procedure is
described in the following steps:
Figure 2-1
Note: The SSL VPN Concentrator does not perform Network Address Translation
(NAT). Also, the SSL VPN Concentrator only enforces access policies on SSL
VPN traffic, not on other TCP/IP protocols. Therefore, the SSL VPN
Concentrator should always be used in conjunction with a network firewall.
SSL312
10.0.0.254
10.0.0.10
10.0.0.20
10.0.0.1
66.123.4.80
Red = Public (untrusted)
Green = Local (trusted)
