Scenario 1: Typically customers will place the Exinda between their internal LAN switch and VPN terminator. This allows for monitoring and optimization of traffic before it gets encrypted and transported across the VPN tunnel.
Scenario 2: There are scenarios where the Exinda can only plug in between the VPN terminator and the router. In this scenario only encrypted tunnel traffic will be seen by the Exinda appliance. Typically traffic of the GRE or ESP protocol will be present.
All platforms support this topology.
Installation
Scenario 1:
- Connect the Exinda WAN port into the internal interface of the VPN terminator using a crossover cable.
- Connect the Exinda LAN port into the LAN switch.
Scenario 2:
- Connect the Exinda WAN port into the internal interface of the router.
- Connect the Exinda LAN port into the external interface of the VPN terminator using a crossover cable.
- Connect an Exinda unbridged interface (e.g. eth1 on a 4060) into the LAN switch and configure an address to manage the appliance.
Capabilities
In VPN scenario 2, the Exinda appliance can:
- Monitor and control any unencrypted traffic to the WAN and Internet.
- Monitor and prioritize the encrypted traffic between other VPN terminator sites. Only a single IP address will be visible per site.
Limitations
In VPN scenario 2 the Exinda appliance cannot:
- Monitor and prioritize the encrypted traffic by application, internal hosts and servers.