Netgear FVX538 FVX538 Reference Manual - Page 208

ProSafe VPN Firewall 200 FVX538 Reference Manual The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the active WAN ports could be either WAN_A1, WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port is not known in advance). After a rollover of a gateway WAN port (Figure C-15), the previously inactive gateway WAN port becomes the active port (port WAN_A2 in this example) and one of the gateway VPN firewalls must re-establish the VPN tunnel. 10.5.6.0/24 Gateway-to-Gateway Example (Dual WAN Ports, After Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP (N/A) WAN_A1 port inactive X X WAN_B1 IP netgearB.dyndns.org Gateway B netgear.dyndns.org WAN_A2 IP X X WAN_B2 port inactive WAN_B2 IP (N/A) VPN Router Fully-Qualified Domain Names (FQDN) (at office B) - required for Fixed IP addresses - required for Dynamic IP addresses One of the gateway routers must re-establish VPN tunnel after a rollover LAN IP 172.23.9.1 Figure C-15 The purpose of the fully-qualified domain names is this case is to toggle the domain name of the failed-over gateway firewall between the IP addresses of the active WAN port (i.e., WAN_A1 and WAN _A2 in this example) so that the other end of the tunnel has a known gateway IP address to establish or re-establish a VPN tunnel. C-16 Network Planning for Dual WAN Ports v1.0, August 2006