The Nortel Contivity VPN Concentrator can be installed along your corporate firewall in a number of standard configurations.

Each of the options is explained below.

The Nortel Contivity VPN Concentrator connects from the DMZ interface of the customer firewall to a dedicated private interface on the firewall

VPN traffic passes from the DMZ port of the firewall, through the Contivity and back into a spare port on the firewall allowing further rules to be applied (If required) before being forwarded to the LAN.

1. Spare LAN port required on the firewall
2. All configuration is carried out within the customer firewall, no impact on LAN devices
3. A single gateway is presented to LAN devices for all Internet and VPN destinations

The Nortel Contivity VPN Concentrator connects from the DMZ interface of the customer firewall to a layer-3 switch or router.

VPN traffic passes from the DMZ port of the firewall, through the Contivity and on to a layer-3 device (layer-3 switch or router). Non-VPN traffic from the firewall would also pass through this device. This allows the layer-3 device to become the gateway for LAN traffic destined for the Internet, and it can route to and from the Contivity VPN or firewall accordingly.

1. Minimal firewall configuration
2. Layer-3 device required to act as the gateway for Internet and VPN traffic and route accordingly