NETGEAR FVX538NA Network Card User Manual


 
ProSafe VPN Firewall 200 FVX538 Reference Manual
C-16 Network Planning for Dual WAN Ports
v1.0, August 2006
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified
domain name must always be used because the active WAN ports could be either WAN_A1,
WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port is not known in
advance).
After a rollover of a gateway WAN port (Figure C-15), the previously inactive gateway WAN port
becomes the active port (port WAN_A2 in this example) and one of the gateway VPN firewalls
must re-establish the VPN tunnel.
The purpose of the fully-qualified domain names is this case is to toggle the domain name of the
failed-over gateway firewall between the IP addresses of the active WAN port (i.e., WAN_A1 and
WAN _A2 in this example) so that the other end of the tunnel has a known gateway IP address to
establish or re-establish a VPN tunnel.
Figure C-15
Gateway A
netgearB.dyndns.org
WAN_A1 port inactive
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN_A1 IP (N/A)
WAN_B1 IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example
(Dual WAN Ports, After Rollover)
Fully-QualifiedDomainNames(FQDN)
-requiredforFixedIPaddresses
-requiredforDynamicIPaddresses
VPN Router
(at office A)
VPN Router
(at office B)
WAN_B2 IP (N/A)
WAN_A2 IP
netgear.dyndns.org
WAN_B2 port inactive
Oneofthegatewayroutersmustre-establishVPNtunnelafterarollover
XX
XX