VPN Gateway-to-Gateway – NETGEAR ProSafe FVX538 User Manual


Network Planning Guide for ProSafe VPN Firewall Router FVX538

Network Planning

October 2004

VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing

In the case of the dual WAN ports on the gateway VPN router (Figure 2-13), the remote PC initiates the VPN tunnel with the appropriate gateway WAN port (i.e., port WAN1 or WAN2 as necessary to balance the loads of the two gateway WAN ports) because the IP address of the remote PC is not known in advance. The chosen gateway WAN port must act as the responder.

Figure 2-13: Dual gateway WAN ports (load balancing case) for VPN road warrior

The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.

VPN Gateway-to-Gateway

The following situations exemplify the requirements for a gateway VPN router to establish a VPN
tunnel with another gateway VPN router:

- Single gateway WAN ports
- Redundant dual gateway WAN ports for increased system reliability (before and after failover)
- Dual gateway WAN ports used for load balancing

VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)

In the case of single WAN ports on the gateway VPN routers (Figure 2-14), either gateway WAN port can initiate the VPN tunnel with the other gateway WAN port because the IP addresses are known in advance.

[Figure 2-13 diagram labels: Road Warrior Example (Dual WAN Ports, Load Balancing). Gateway A, VPN router at employer's main office: 10.5.6.0/24, LAN IP 10.5.6.1, WAN1 IP bzrouter1.dyndns.org, WAN2 IP bzrouter2.dyndns.org. Client B, remote PC running NETGEAR ProSafe VPN Client: WAN IP 0.0.0.0. Fully-Qualified Domain Names (FQDN): optional for fixed IP addresses, required for dynamic IP addresses.]
