Virtual Private Networks (VPNs) – NETGEAR ProSafe FVS124G User Manual


Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports

Network Planning

3-5

202-10085-01, March 2005

Virtual Private Networks (VPNs)

When implementing virtual private network (VPN) tunnels, a mechanism must be used for
determining the IP addresses of the tunnel end points. The addressing of the firewall’s dual WAN
port depends on the configuration being implemented:

For the single gateway WAN port case, the mechanism is to use a fully-qualified domain name
(FQDN) when the IP address is dynamic and to use either an FQDN or the IP address itself when
the IP address is fixed. The situation is different when dual gateway WAN ports are used in a
rollover-based system.

Rollover Case for Dual Gateway WAN Ports

Rollover (Figure 3-6) for the dual gateway WAN port case is different from the single gateway WAN port case when specifying the IP address of the VPN tunnel end point. Only one WAN port is active at a time and when it rolls over, the IP address of the active WAN port always changes. Hence, the use of a fully-qualified domain name is always required, even when the IP address of each WAN port is fixed.

Table 3-1. IP addressing requirements for VPNs in dual WAN port systems

| Configuration | WAN IP address | Single WAN Port (reference case) | Dual WAN Port Cases: Rollover* | Dual WAN Port Cases: Load Balancing |
|---|---|---|---|---|
| VPN Road Warrior (client-to-gateway) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Road Warrior (client-to-gateway) | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Gateway-to-Gateway | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Gateway-to-Gateway | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Telecommuter (client-to-gateway through a NAT router) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Telecommuter (client-to-gateway through a NAT router) | Dynamic | FQDN required | FQDN required | FQDN required |

* All tunnels must be re-established after a rollover using the new WAN IP address.

Note: Once the gateway router WAN port rolls over, the VPN tunnel collapses and must be re-established using the new WAN IP address.
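
An added example, not part of the NETGEAR manual: a Python check that applies the Table 3-1 rule to a list of VPN policies and reports tunnels whose gateway FQDN resolves to a different address after a rollover. The policy and tunnel field names, host names and addresses are constructed for illustration, and the resolver is passed in so the check runs offline.

```python
import ipaddress

WAN_MODES = {"single", "rollover", "load_balancing"}

def fqdn_required(wan_mode, addressing):
    """Table 3-1 rule: an FQDN is mandatory for dynamic WAN addresses and for
    every rollover configuration, even when both WAN addresses are fixed."""
    if wan_mode not in WAN_MODES or addressing not in {"fixed", "dynamic"}:
        raise ValueError(f"unknown configuration: {wan_mode}/{addressing}")
    return wan_mode == "rollover" or addressing == "dynamic"

def is_ip_literal(endpoint):
    """True if the configured tunnel end point is an IP address, not a name."""
    try:
        ipaddress.ip_address(endpoint)
        return True
    except ValueError:
        return False

def audit_policies(policies):
    """Names of policies that pin an IP literal where an FQDN is required."""
    return [p["name"] for p in policies
            if fqdn_required(p["wan_mode"], p["addressing"])
            and is_ip_literal(p["endpoint"])]

def stale_tunnels(tunnels, resolve):
    """Names of tunnels whose FQDN no longer resolves to the address the
    tunnel was established against, i.e. the gateway has rolled over."""
    return [t["name"] for t in tunnels
            if resolve(t["fqdn"]) != t["established_ip"]]

# Constructed sample data (documentation address ranges, hypothetical names).
POLICIES = [
    {"name": "hq-single", "wan_mode": "single", "addressing": "fixed", "endpoint": "192.0.2.10"},
    {"name": "branch-rollover", "wan_mode": "rollover", "addressing": "fixed", "endpoint": "198.51.100.7"},
    {"name": "roadwarrior-lb", "wan_mode": "load_balancing", "addressing": "dynamic", "endpoint": "gw.example.com"},
]
TUNNELS = [
    {"name": "branch-a", "fqdn": "gw-a.example.com", "established_ip": "192.0.2.10"},
    {"name": "branch-b", "fqdn": "gw-b.example.com", "established_ip": "192.0.2.20"},
]
DNS_AFTER_ROLLOVER = {"gw-a.example.com": "192.0.2.10", "gw-b.example.com": "198.51.100.20"}

if __name__ == "__main__":
    print("IP literal where FQDN required:", audit_policies(POLICIES))
    print("Re-establish after rollover:", stale_tunnels(TUNNELS, DNS_AFTER_ROLLOVER.get))
```

Against live DNS, `resolve` can be `socket.gethostbyname` in place of the constructed lookup table.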
