NETGEAR FVX538 Network Card User Manual


 
Network Planning Guide for ProSafe VPN Firewall Router FVX538
2-10 Network Planning
October 2004
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing
In the case of the dual WAN ports on the gateway VPN router (Figure 2-13), the remote PC
initiates the VPN tunnel with the appropriate gateway WAN port (i.e., port WAN1 or WAN2 as
necessary to balance the loads of the two gateway WAN ports) because the IP address of the
remote PC is not known in advance. The chosen gateway WAN port must act as the responder.
Figure 2-13: Dual gateway WAN ports (load balancing case) for VPN road warrior
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN router to establish a VPN
tunnel with another gateway VPN router:
- Single gateway WAN ports
- Redundant dual gateway WAN ports for increased system reliability (before and after failover)
- Dual gateway WAN ports used for load balancing
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)
In the case of single WAN ports on the gateway VPN routers (Figure 2-14), either gateway WAN
port can initiate the VPN tunnel with the other gateway WAN port because the IP addresses are
known in advance.
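The initiator/responder and FQDN rules from the road warrior and single-WAN gateway-to-gateway cases above can be checked over a planned tunnel before any router is configured. This is an added example, not NETGEAR code: the names WanPort, is_fqdn, can_respond and plan_tunnel and the addressing value "unknown" are hypothetical, and the sample plan is constructed. It generalizes the page's two cases into one rule: an end can act as responder only if its address is known in advance.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(name: Optional[str]) -> bool:
    """True if name is a syntactically valid host name with two or more labels."""
    if not name or len(name) > 253:
        return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)

@dataclass
class WanPort:
    label: str                   # hypothetical name, e.g. "GatewayA-WAN1"
    addressing: str              # "fixed", "dynamic", or "unknown" (road warrior)
    fqdn: Optional[str] = None

def can_respond(port: WanPort) -> bool:
    """A port can be the responder only if its peer can locate it in advance."""
    if port.addressing == "fixed":
        return True                      # FQDN optional
    if port.addressing == "dynamic":
        return is_fqdn(port.fqdn)        # FQDN required
    return False                         # IP address not known in advance

def plan_tunnel(a: WanPort, b: WanPort) -> dict:
    """Report which end(s) may initiate the tunnel and any planning errors."""
    errors = []
    for p in (a, b):
        if p.fqdn is not None and not is_fqdn(p.fqdn):
            errors.append(f"{p.label}: {p.fqdn!r} is not a fully-qualified domain name")
        elif p.addressing == "dynamic" and p.fqdn is None:
            errors.append(f"{p.label}: dynamic IP address requires an FQDN")
    initiators = [me.label for me, peer in ((a, b), (b, a)) if can_respond(peer)]
    if not initiators:
        errors.append("neither end can act as responder")
    return {"initiators": initiators, "errors": errors}

if __name__ == "__main__":
    # Constructed sample plan; the host name is the one shown in Figure 2-13.
    gw = WanPort("GatewayA-WAN1", "dynamic", "bzrouter1.dyndns.org")
    pc = WanPort("RemotePC", "unknown")
    print(plan_tunnel(gw, pc))   # the remote PC must initiate
```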
[Figure 2-13 labels: Road Warrior Example (Dual WAN Ports, Load Balancing). Gateway A: VPN Router (at employer's main office), LAN IP 10.5.6.1 on 10.5.6.0/24, WAN1 IP bzrouter1.dyndns.org, WAN2 IP bzrouter2.dyndns.org. Client B: Remote PC (running NETGEAR ProSafe VPN Client), WAN IP 0.0.0.0. Fully-Qualified Domain Names (FQDN): optional for Fixed IP addresses, required for Dynamic IP addresses.]