NETGEAR ProSafe FVX538 User Manual
Page 22
Network Planning Guide for ProSafe VPN Firewall Router FVX538
2-12
Network Planning
October 2004
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified
domain name must always be used because the active WAN ports could be either WAN_A1,
WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port is not known in
advance).
After a failover of a gateway WAN port (
), the previously inactive gateway WAN port
becomes the active port (port WAN_A2 in this example) and one of the gateway VPN routers must
re-establish the VPN tunnel.
Figure 2-16: Dual gateway WAN ports, after failover, for gateway-to-gateway VPN tunnels
The purpose of the fully-qualified domain names is this case is to toggle the domain name of the
failed-over gateway router between the IP addresses of the active WAN port (i.e., WAN_A1 and
WAN _A2 in this example) so that the other end of the tunnel has a known gateway IP address to
establish or re-establish a VPN tunnel.
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing
In the case of the dual WAN ports on the gateway VPN router (
), either of the gateway
WAN ports at one end can be programmed in advance to initiate the VPN tunnel with the
appropriate gateway WAN port at the other end as necessary to manage the loads of the gateway
WAN ports because the IP addresses of the WAN ports are known in advance.
Gateway A
netgearB.dyndns.org
WAN_A1 port inactive
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN_A1 IP (N/A)
WAN_B1 IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example
(Dual WAN Ports, After Failover)
Fully-Qualified Domain Names (FQDN)
- required for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)
WAN_B2 IP (N/A)
WAN_A2 IP
netgear.dyndns.org
WAN_B2 port inactive
One of the gateway routers must re-establish VPN tunnel after a failover
X
X
X
X