Netgear FVS124G FVS124G Reference Manual - Page 40

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability In the case of the dual WAN ports on the gateway VPN firewall (Figure 3-13), either of the gateway WAN ports at one end can initiate the VPN tunnel with the appropriate gateway WAN port at the other end as necessary to balance the loads of the gateway WAN ports because the IP addresses of the WAN ports are known in advance. In this example, port WAN_A1 is active and port WAN_A2 is inactive at Gateway A; port WAN_B1 is active and port WAN_B2 is inactive at Gateway B. 10.5.6.0/24 Gateway-to-Gateway Example (Dual WAN Ports, Before Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP netgearA.dyndns.org WAN_B1 IP netgearB.dyndns.org Gateway B X X WAN_A2 port inactive X X WAN_B2 port inactive WAN_A2 IP (N/A) WAN_B2 IP (N/A) VPN Router Fully-Qualified Domain Names (FQDN) (at office B) - required for Fixed IP addresses - required for Dynamic IP addresses LAN IP 172.23.9.1 Figure 3-13: Dual gateway WAN ports, before rollover, for gateway-to-gateway VPN tunnels The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the active WAN ports could be either WAN_A1, WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port is not known in advance). After a rollover of a gateway WAN port (Figure 3-14), the previously inactive gateway WAN port becomes the active port (port WAN_A2 in this example) and one of the gateway VPN firewalls must re-establish the VPN tunnel. 3-10 202-10085-01, March 2005 Network Planning