Network Planning for Multiple WAN Ports (IPv4 Only)
417
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 273.
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address
is dynamic, you need to use an FQDN. If an IP address is fixed, an FQDN is optional.
VPN Telecommuter (Client-to-Gateway through a NAT Router)
Note: The telecommuter case presumes the home office has a dynamic IP
address and NAT router.
The following situations exemplify the requirements for a remote computer client connected
to the Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with
a gateway VPN firewall at the company office:
• Single
-gateway WAN port
• Red
undant dual-gateway WAN ports for increased reliability (before and after rollover)
• Dua
l-gateway WAN ports for load balancing
VPN Telecommuter: Single-Gateway WAN Port (Reference Case)
In a single WAN port gateway configuration, the remote computer client at the NAT router
initiates the VPN tunnel because the IP address of the remote NAT router is not known in
advance. The gateway WAN port needs to act as the responder.
Figure 274.