Tunnel Termination and Firewall Rules
Hewlett-Packard Company Virtual Private Networking Concepts Guide
5-31
When a tunnel terminates outside a firewall, a packet must be
compared to the firewall rules, which determine whether or not
to let the packet through the gateway. In this way, tunnels and
firewall rules can be used together to specify what traffic passes
through the VPN device. Four basic permutations of tunnel
termination and traffic destinations exist:
• The tunnel terminates on the red (trusted) network or interface and the traffic is destined for the red (trusted) network or interface.
• The tunnel terminates on the black (untrusted) network or interface, but the traffic is destined for the red (trusted) network or interface.
• The tunnel terminates on the red (trusted) network or interface, but the traffic is destined for the black (untrusted) network or interface.
• The tunnel terminates on the black (untrusted) network or interface and the traffic is destined for the black (untrusted) network or interface.
Note: The terms network and interface are used interchangeably.
Tunnel Terminates in the Red (Trusted) Network
The case where a tunnel terminates in the red (trusted) network
and the traffic is destined for the red (trusted) network is the
typical case of giving a remote device complete access to the
trusted side of the VPN device. Because the tunnel bypasses the
firewall, the destination addresses of the traffic are examined
only for the purpose of routing the packets to their destination.
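The following is an added example, not code from the HP guide or the VPN device itself, that models the two behaviours this section describes: a tunnel that terminates on the red (trusted) side hands its decrypted packets straight to routing, while a tunnel that terminates on the black (untrusted) side has every decrypted packet compared against the firewall rules before it can reach the red side. The topology (10.0.0.0/8 as the red network), the remote client address, the rule table and the packets are all constructed for the illustration. The page does not spell out what happens to a red-terminated tunnel whose traffic is destined for the black side; the example assumes such traffic is still subject to the firewall rules, and marks that branch as an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

RED, BLACK = "red", "black"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src_net: str
    dst_net: str
    dport: Optional[int] = None  # None matches any destination port


@dataclass(frozen=True)
class Tunnel:
    name: str
    terminates_on: str           # RED or BLACK: the side the decrypted traffic enters


# Constructed sample topology: the trusted (red) side is 10.0.0.0/8.
RED_NETWORKS = [ip_network("10.0.0.0/8")]

# Constructed sample rule table (first match wins, default deny):
# remote clients may reach the 10.1.0.0/16 servers on 443 and nothing else.
SAMPLE_RULES = [
    Rule("allow", "192.0.2.0/24", "10.1.0.0/16", 443),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
]


def side_of(addr: str, red_networks=RED_NETWORKS) -> str:
    """Classify an address as red (trusted) or black (untrusted)."""
    ip = ip_address(addr)
    return RED if any(ip in net for net in red_networks) else BLACK


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (ip_address(pkt.src) in ip_network(rule.src_net)
            and ip_address(pkt.dst) in ip_network(rule.dst_net)
            and (rule.dport is None or rule.dport == pkt.dport))


def firewall_decision(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation of the firewall rules; unmatched traffic is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


def forward(tunnel: Tunnel, pkt: Packet, rules: List[Rule]) -> Tuple[str, str]:
    """Return (decision, path) for a packet that has just left `tunnel`.

    path is "routed-only" when the firewall is bypassed and the destination
    address is used only to route the packet, or "firewall" when the packet
    was compared against the rule table.
    """
    dst_side = side_of(pkt.dst)
    if tunnel.terminates_on == RED and dst_side == RED:
        # Case 1 on the page: the tunnel bypasses the firewall entirely, so the
        # remote device has complete access to the trusted side.
        return ("allow", "routed-only")
    if tunnel.terminates_on == BLACK:
        # Tunnel terminates outside the firewall: the decrypted packet is
        # compared to the firewall rules, whatever its destination.
        return (firewall_decision(rules, pkt), "firewall")
    # Red-terminated tunnel with a black destination. Assumption (not stated on
    # this page): traffic heading out to the untrusted side still crosses the
    # firewall and is subject to its rules.
    return (firewall_decision(rules, pkt), "firewall")


def demo() -> dict:
    """Run the same inner packets through a red- and a black-terminated tunnel."""
    ssh = Packet("192.0.2.10", "10.1.1.5", 22)
    https = Packet("192.0.2.10", "10.1.1.5", 443)
    red_tunnel = Tunnel("remote-office-red", RED)
    black_tunnel = Tunnel("remote-office-black", BLACK)
    return {
        "ssh via red":    forward(red_tunnel, ssh, SAMPLE_RULES),
        "ssh via black":  forward(black_tunnel, ssh, SAMPLE_RULES),
        "https via black": forward(black_tunnel, https, SAMPLE_RULES),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:16s} -> {result}")
```

The point the example makes for a defender is the one the section makes in prose: the same SSH packet that the rule table would deny is simply routed through when the tunnel lands on the red side, so terminating a remote device's tunnel on the trusted network is equivalent to granting it full access, and only a black-side termination lets the firewall rules constrain what that device can reach.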