Quick Reference Guide

ProSafe VPN Firewall 200 FVX538 Reference Manual
B-16 Network Planning for Dual WAN Ports
v1.0, January 2010
The purpose of the fully-qualified domain names in this case is to toggle the domain name of the
failed-over gateway firewall between the IP addresses of the active WAN port (i.e., WAN_A1 and
WAN_A2 in this example) so that the other end of the tunnel has a known gateway IP address to
establish or re-establish a VPN tunnel.
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing
In the case of the dual WAN ports on the gateway VPN firewall, either of the gateway WAN ports
at one end can be programmed in advance to initiate the VPN tunnel with the appropriate gateway
WAN port at the other end, as necessary to manage the loads of the gateway WAN ports. This is
possible because the IP addresses of the WAN ports are known in advance.
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Telecommuter (Client-to-Gateway Through a NAT Router)
The following situations exemplify the requirements for a remote PC client connected to the
Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with a gateway
VPN firewall at the company office:
Single gateway WAN port
Redundant dual gateway WAN ports for increased reliability (before and after rollover)
Figure B-16
Note: The telecommuter case presumes the home office has a dynamic IP address and
NAT router.