Vpn gateway-to-gateway, Vpn gateway-to-gateway -9 – NETGEAR ProSafe FVS124G User Manual
Page 39
Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Network Planning
3-9
202-10085-01, March 2005
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN firewall to establish a
VPN tunnel with another gateway VPN firewall:
•
Single gateway WAN ports
•
Redundant dual gateway WAN ports for increased reliability (before and after rollover)
•
Dual gateway WAN ports used for load balancing
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)
In the case of single WAN ports on the gateway VPN firewalls (
port can initiate the VPN tunnel with the other gateway WAN port because the IP addresses are
known in advance.
Figure 3-12: Single gateway WAN ports case for gateway-to-gateway VPN tunnels
The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
Gateway A
22.23.24.25
FQDN
netgear.dyndns.org
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN IP
WAN IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example (Single WAN Ports)
Fully-Qualified Domain Names (FQDN)
- optional for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)