Vpn Routing Between Two Nokia Ip40 Security Platforms; Mesh Vpn Support - Nokia IP40 User Manual

14
Working with VPNs

VPN Routing Between Two Nokia IP40 Security Platforms

VPN Routing is a feature which is designed to fulfill the need for gateways to encrypt with each
other indirectly, via a central VPN-1 Module which acts as a VPN Router by decrypting the
traffic coming from one gateway and encrypting it to forward to another gateway. This feature is
very useful in many scenarios such as:
DAIP (VPN-1 Module with a Dynamic IP address) to DAIP encryption: Since the DAIP
Modules are not aware of each others dynamically assigned IP address, one solution is to
forward traffic through a central VPN-1 Router, to which both DAIP modules connect.
Mimicking the architecture of Frame Relay networks for an easier migration from traditional
networks to IP based network using IPsec VPN.
Enabling simple configuration for branch offices by hiding from it the entire network while
allowing them full connectivity.

Mesh VPN Support

This section explains mesh VPN support between different Nokia IP40 Security Platforms using
Check Point R55 with HotFix 4 and above.
The Nokia IP40 Security Platform supports mesh VPN topology using Check Point where
different IP40 Security Platforms are configured as site to site VPNs within a mesh topology.
The limitation in this scenario is that the IP40 configured on Check Point should have a static
WAN IP address.
196 Nokia IP40 Security Platform User's Guide v1.1