Chapter 5

Virtual Private Networking

This chapter describes how to use the Virtual Private Networking (VPN) features of the VPN firewall. VPN tunnels provide secure, encrypted communications between your local network and a remote network or computer.

Tip: When using dual WAN port networks, use the VPN Wizard to configure the basic parameters and then edit the VPN and IKE Policy screens for the various VPN scenarios.

Dual WAN Port Systems

The dual WAN ports in the VPN firewall can be configured for rollover mode for increased system reliability by specifying the Broadband connection with the Dialup connection as backup. This WAN mode choice then impacts how the VPN features must be configured.

Table 5-1. IP Addressing Requirements for VPN in Dual WAN Port Systems

Configuration                                              WAN IP address  Rollover Mode (a)  Dedicated Mode
---------------------------------------------------------  --------------  -----------------  -----------------------
VPN Road Warrior (client-to-gateway)                       Fixed           FQDN required      Allowed (FQDN optional)
                                                           Dynamic         FQDN required      FQDN required
VPN Gateway-to-Gateway                                     Fixed           FQDN required      Allowed (FQDN optional)
                                                           Dynamic         FQDN required      FQDN required
VPN Telecommuter (client-to-gateway through a NAT router)  Fixed           FQDN required      Allowed (FQDN optional)
                                                           Dynamic         FQDN required      FQDN required

a. All tunnels must be re-established after a rollover using the new WAN IP address.

The use of fully qualified domain names (FQDNs) is mandatory when the WAN ports are in rollover mode (see “Configuring the WAN Mode” on page 2-15); FQDNs are also required for the VPN tunnels to fail over. When using rollover mode, you must configure a Dynamic DNS service (see “Configuring Dynamic DNS (If Needed)” on page 2-16 to select and configure the Dynamic DNS service).


v1.0, September 2006

NETGEAR FVS338 manual IP Addressing Requirements for VPN in Dual WAN Port Systems