Figure 2-14, Either gateway w – NETGEAR ProSafe FVX538 User Manual
Page 21
Network Planning Guide for ProSafe VPN Firewall Router FVX538
Network Planning
2-11
October 2004
Figure 2-14: Single gateway WAN ports case for gateway-to-gateway VPN tunnels
The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved System
Reliability
In the case of the dual WAN ports on the gateway VPN router (
), either of the gateway
WAN ports at one end can initiate the VPN tunnel with the appropriate gateway WAN port at the
other end as necessary to balance the loads of the gateway WAN ports because the IP addresses of
the WAN ports are known in advance. In this example, port WAN_A1 is active and port WAN_A2
is inactive at Gateway A; port WAN_B1 is active and port WAN_B2 is inactive at Gateway B.
Figure 2-15: Dual gateway WAN ports, before failover, for gateway-to-gateway VPN tunnels
Gateway A
22.23.24.25
FQDN
netgear.dyndns.org
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN IP
WAN IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example (Single WAN Ports)
Fully-Qualified Domain Names (FQDN)
- optional for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)
Gateway A
netgearB.dyndns.org
netgearA.dyndns.org
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN_A1 IP
WAN_B1 IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example
(Dual WAN Ports, Before Failover)
Fully-Qualified Domain Names (FQDN)
- required for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)
WAN_B2 IP (N/A)
WAN_A2 IP (N/A)
WAN_A2 port inactive
WAN_B2 port inactive
X
X
X
X