Netgear FVS124G FVS124G Reference Manual - Page 41

Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports 10.5.6.0/24 Gateway-to-Gateway Example (Dual WAN Ports, After Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP (N/A) WAN_A1 port inactive X X WAN_B1 IP netgearB.dyndns.org Gateway B netgear.dyndns.org WAN_A2 IP X X WAN_B2 port inactive WAN_B2 IP (N/A) VPN Router Fully-Qualified Domain Names (FQDN) (at office B) - required for Fixed IP addresses - required for Dynamic IP addresses LAN IP 172.23.9.1 One of the gateway routers must re-establish VPN tunnel after a rollover Figure 3-14: Dual gateway WAN ports, after rollover, for gateway-to-gateway VPN tunnels The purpose of the fully-qualified domain names is this case is to toggle the domain name of the failed-over gateway firewall between the IP addresses of the active WAN port (i.e., WAN_A1 and WAN _A2 in this example) so that the other end of the tunnel has a known gateway IP address to establish or re-establish a VPN tunnel. VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall (Figure 3-15), either of the gateway WAN ports at one end can be programmed in advance to initiate the VPN tunnel with the appropriate gateway WAN port at the other end as necessary to manage the loads of the gateway WAN ports because the IP addresses of the WAN ports are known in advance. 10.5.6.0/24 Gateway-to-Gateway Example (Dual WAN Ports, Load Balancing) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP netgear1.dyndns.org WAN_B1 IP 22.23.24.25 netgear2.dyndns.org WAN_A2 IP 22.23.24.26 WAN_B2 IP Fully-Qualified Domain Names (FQDN) - optional for Fixed IP addresses - required for Dynamic IP addresses Gateway B VPN Router (at office B) LAN IP 172.23.9.1 Figure 3-15: Dual gateway WAN ports (load balancing case) for gateway-to-gateway VPN tunnels Network Planning 202-10085-01, March 2005 3-11