Netgear FVS124G FVS124G Reference Manual - Page 36

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports Dual WAN Ports (Before Rollover) WAN1 IP Gateway netgear.dyndns.org X X VPN Router WAN2 port inactive WAN2 IP (N/A) Dual WAN Ports (After Rollover) Gateway WAN1 IP (N/A) WAN1 port inactive X X netgear.dyndns.org VPN Router WAN2 IP IP address of active WAN port changes after a rollover (use of fully-qualified domain names always required) Figure 3-6: Dual gateway WAN ports before and after rollover • Load Balancing Case for Dual Gateway WAN Ports Load balancing (Figure 3-7) for the dual gateway WAN port case is the same as the single gateway WAN port case when specifying the IP address of the VPN tunnel end point. Each IP address is either fixed or dynamic based on the ISP: fully-qualified domain names must be used when the IP address is dynamic and are optional when the IP address is static. Dual WAN Ports (Load Balancing) WAN1 IP Gateway netgear1.dyndns.org netgear2.dyndns.org VPN Router WAN2 IP IP addresses of WAN ports same as single WAN port case (use of fully-qualified domain names required for dynamic IP addresses and optional for fixed IP addresses) Figure 3-7: Dual gateway WAN ports for load balancing VPN Road Warrior (Client-to-Gateway) The following situations exemplify the requirements for a remote PC client with no firewall to establish a VPN tunnel with a gateway VPN firewall: • Single gateway WAN port • Redundant dual gateway WAN ports for increased reliability (before and after rollover) • Dual gateway WAN ports used for load balancing VPN Road Warrior: Single Gateway WAN Port (Reference Case) In the case of the single WAN port on the gateway VPN firewall (Figure 3-8), the remote PC client initiates the VPN tunnel because the IP address of the remote PC client is not known in advance. The gateway WAN port must act as the responder. 3-6 Network Planning 202-10085-01, March 2005