Virtual private networks (VPNs) – NETGEAR ProSafe FVX538 User Manual


Network Planning Guide for ProSafe VPN Firewall Router FVX538

2-6

Network Planning

October 2004

Figure 2-7: Dual WAN port case for multiple exposed hosts with load balancing

Virtual Private Networks (VPNs)

When implementing virtual private network (VPN) tunnels, a mechanism must be used for
determining the IP addresses of the tunnel end points. The addressing of the router’s dual WAN
port depends on the configuration being implemented:

Note: Load balancing is implemented for outgoing traffic and not for incoming traffic.
Consider publicizing one of the WAN port Internet addresses and keeping the other one
unpublicized in order to maintain better control of WAN port traffic.

Table 2-1. IP addressing requirements for VPNs in dual WAN port systems

| Configuration | WAN IP address | Single WAN Port (reference case) | Dual WAN Port: Failover (a) | Dual WAN Port: Load Balancing |
|---|---|---|---|---|
| VPN Road Warrior (client-to-gateway) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Gateway-to-Gateway | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Telecommuter (client-to-gateway through a NAT router) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| | Dynamic | FQDN required | FQDN required | FQDN required |

a. All tunnels must be re-established after a failover using the new WAN IP address.

[Figure 2-7 labels: Router with dual WAN ports; WAN1 IP addresses 14.15.16.17, 14.15.16.18, . . .; WAN2 IP addresses 22.23.24.25, 22.23.24.26, . . .; exposed hosts; IP addresses of WAN ports must be fixed blocks]
