Here follows screen shots of the configuration for the X Family running X3.1.2098 and SS3 Firewall running v6.3.3 in order to establish an IPSEC VPN tunnel. The SS3 Firewall is in Standard mode and the X series Firewall is in NAT mode.

The following is general guidance only. Some networks may require special guidance and configuration, in which case it is advisable to contact 3Com technical support.

The SS3 Firewall is in standard mode, which means that the LAN and WAN share the same subnet acting as a bridge. In this case the SS3 Firewall IP address is 30.30.30.31:

Enable the VPN feature on the SS3 Firewall

Define the IPSEC SA as follows:

Specify the X series Firewall LAN IP subnet 192.168.1.0/24

Define the desired Security zone, in this example we will only use the WAN and LAN security zones

The X series firewall in this example is in NAT mode which means it has a private IP address on the LAN side 192.168.1.31 and a Public IP address 20.20.20.31 on the WAN side

Define the New Security Association as shown below; you will notice that the Peer IP address is the SS3 Firewall box IP address 30.30.30.31 which is actually included in the screenshot in the Remote networks 30.30.30.0/255.255.255.0

This is however not an issue as the X series is able to differentiate the Peer address and the remote LAN addresses.

Define the X series Firewall Local network 192.168.1.0/255.255.255.0 and the SS3 Firewall standard mode network as the SA remote network 30.30.30.0/255.255.255.0

— David Gonzalez 2021/04/08 15:09