SSLVPN - One Armed - howto?

willj_
Occasional Contributor

SSLVPN - One Armed - howto?

Could anyone point me to the doc showing how to deploy using a one-armed strategy? (sslvpn using just a single interface in a dmz)

Thanks

2 REPLIES
mehdi_
Contributor

Re: SSLVPN - One Armed - howto?

Hi willj

I have deployed SA with a single interface in the DMZ. I don't have any documentation, but I can help you with how to deploy it. It's very easy: you just configure your default route to your gateway, and use only the Internal Port.

example :

Internal Port : 192.168.3.3/255.255.255.0

GW 192.168.3.1

Routes :

default route 0.0.0.0 0.0.0.0 192.168.3.1

In my example I used all Juniper products: SA and Netscreen firewall.

After creating the DMZ zone in the Netscreen firewall and configuring an interface or subinterface with a VLAN tag, you put the SA within the zone. For the SA to be reachable, I created a VIP from the public IP to the SA IP ("NAT dst").

After that I created policy rules on the firewall for the different destinations needed.

I hope this helps you. You can find the schema in the attachment.

cglanville_
Occasional Contributor

Re: SSLVPN - One Armed - howto?

I've also set up the appliance with only a single interface. There isn't anything special, I just assigned the interface a private IP address and then used a Juniper firewall to allow/restrict access. I then NAT'd a public IP to the private IP.