Topologies with VPNs: Exinda Appliance in a network with a VPN
The typical deployment places an Exinda Appliance between an internal LANLocal area network switch and VPNVirtual Private Network terminator. This allows the Exinda to monitor and optimize traffic before it's encrypted and transported across the VPN tunnel.
In scenarios where the Exinda Appliance is placed between the VPN terminator and the router, the Exinda Appliance sees only encrypted tunnel traffic.
Installing an Exinda Appliance in a network environment with a VPN
Scenario 1:
- Connect the Exinda WANWide Area Network port into the internal interface of the VPN terminator using a crossover cable.
- Connect the Exinda LAN port into the LAN switch.
Scenario 2:
- Connect the Exinda WAN port into the internal interface of the router.
- Connect the Exinda LAN port into the external interface of the VPN terminator using a crossover cable.
- Connect an Exinda unbridged interface (e.g., eth1 on a 4060) into the LAN switch and configure an address to manage the appliance.
There are a few Exinda Appliance basics to keep in mind while planning a deployment. For more information refer to Basic characteristics and behaviors of Exinda Appliances.
Capabilities of an Exinda Appliance in a network environment with a VPN
In VPN scenario 2, the Exinda Appliance:
- Monitors and controls any unencrypted traffic to the WAN and Internet.
- Monitors and prioritizes encrypted traffic between other VPN terminator sites. Only a single IPInternet protocol address will be visible per site.
Limitations of an Exinda Appliance in a network environment with a VPN
In VPN scenario 2 the Exinda appliance cannot monitor and prioritize the encrypted traffic by application, internal hosts and servers.