The Nortel Contivity VPN Concentrator can be installed alongside your corporate firewall in a number of standard configurations.

Each of the options is explained below.

Option 1

The Nortel Contivity VPN Concentrator connects from the DMZ interface of the customer firewall to a dedicated private interface on the firewall.

VPN traffic passes from the DMZ port of the firewall, through the Contivity and back into a spare port on the firewall, allowing further rules to be applied (if required) before the traffic is forwarded to the LAN.

Key points

1. Spare LAN port required on the firewall
2. All configuration is carried out within the customer firewall, no impact on LAN devices
3. A single gateway is presented to LAN devices for all Internet and VPN destinations

Option 2

The Nortel Contivity VPN Concentrator connects from the DMZ interface of the customer firewall to a layer-3 switch or router.

VPN traffic passes from the DMZ port of the firewall, through the Contivity and on to a layer-3 device (layer-3 switch or router). Non-VPN traffic from the firewall would also pass through this device. This allows the layer-3 device to become the gateway for LAN traffic destined for the Internet, and it can route to and from the Contivity VPN or firewall accordingly.

Key points

1. Minimal firewall configuration
2. Layer-3 device required to act as the gateway for Internet and VPN traffic and route accordingly

Option 3

The Nortel Contivity VPN Concentrator connects from the DMZ interface of the customer firewall directly to the corporate LAN.

VPN traffic passes from the DMZ port of the firewall, through the Contivity and directly onto the LAN. To ensure that inbound traffic is symmetrical, a single gateway for Internet and VPN traffic is required. The Contivity VPN will perform this role and redirect non-VPN traffic back to the firewall.

Key points

1. Allows Contivity to be the gateway for Internet and VPN traffic when there is no layer-3 LAN device to perform this function
2. Minimal firewall configuration
3. Contivity becomes the default gateway for LAN devices
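
The single-gateway requirement in Options 2 and 3 can be checked by modelling the gateway's routing table and confirming that replies leave through the device the request arrived on. This is an added example, not vendor configuration; all addresses, the VPN pool and the function names are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the page).
CONTIVITY = "192.168.1.2"   # Contivity private interface
FIREWALL = "192.168.1.1"    # firewall inside interface
VPN_POOL = "10.99.0.0/24"   # addresses handed to remote VPN users

# Gateway table that presents a single gateway to LAN devices:
# the VPN pool is reached via the Contivity, everything else via the firewall.
SINGLE_GATEWAY = [
    (VPN_POOL, CONTIVITY),
    ("0.0.0.0/0", FIREWALL),
]

# Misconfiguration: LAN devices default straight to the firewall and
# nothing routes the VPN pool back to the Contivity.
FIREWALL_ONLY = [("0.0.0.0/0", FIREWALL)]


def next_hop(table, dst):
    """Longest-prefix match: return the next hop for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), hop)
        for prefix, hop in table
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def audit(table, flows):
    """Return the (remote, arrived_via) flows whose return path is asymmetric."""
    return [(remote, via) for remote, via in flows
            if next_hop(table, remote) != via]


# Constructed flows: a VPN user arriving via the Contivity and an
# Internet host arriving via the firewall.
FLOWS = [("10.99.0.25", CONTIVITY), ("203.0.113.10", FIREWALL)]

if __name__ == "__main__":
    print("single gateway:", audit(SINGLE_GATEWAY, FLOWS))
    print("firewall only :", audit(FIREWALL_ONLY, FLOWS))
```

An empty result means every reply returns through the device its request arrived on; any flow listed is one whose replies would take a different path than the request did.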

Option 4

A layer-2 device (hub/switch) is attached to the LAN port of the N3 router. The Nortel Contivity VPN Concentrator and firewall both attach to this.

The VPN Concentrator link bypasses the corporate firewall for VPN users.

Key points

1. No firewall configuration
2. Simplest overall configuration