ProSafe VPN Firewall 200 FVX538 Reference Manual

Virtual Private Networks (VPNs)

When implementing virtual private network (VPN) tunnels, a mechanism must be used for determining the IP addresses of the tunnel end points. The addressing of the firewall’s dual WAN port depends on the configuration being implemented:

Table C-2. IP addressing requirements for VPNs in dual WAN port systems

| Configuration | WAN IP address | Single WAN Port (reference case) | Dual WAN Port: Rollover (a) | Dual WAN Port: Load Balancing |
|---|---|---|---|---|
| VPN Road Warrior (client-to-gateway) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Road Warrior (client-to-gateway) | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Gateway-to-Gateway | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Gateway-to-Gateway | Dynamic | FQDN required | FQDN required | FQDN required |
| VPN Telecommuter (client-to-gateway through a NAT router) | Fixed | Allowed (FQDN optional) | FQDN required | Allowed (FQDN optional) |
| VPN Telecommuter (client-to-gateway through a NAT router) | Dynamic | FQDN required | FQDN required | FQDN required |

a. All tunnels must be re-established after a rollover using the new WAN IP address.

For the single gateway WAN port case, the mechanism is to use a fully-qualified domain name (FQDN) when the IP address is dynamic and to use either an FQDN or the IP address itself when the IP address is fixed. The situation is different when dual gateway WAN ports are used in a rollover-based system.

Rollover Case for Dual Gateway WAN Ports

Rollover (Figure C-7) for the dual gateway WAN port case is different from the single gateway WAN port case when specifying the IP address of the VPN tunnel end point. Only one WAN port is active at a time and when it rolls over, the IP address of the active WAN port always changes. Hence, the use of a fully-qualified domain name is always required, even when the IP address of each WAN port is fixed.

Note: Once the gateway router WAN port rolls over, the VPN tunnel collapses and must be re-established using the new WAN IP address.


Network Planning for Dual WAN Ports

v1.0, August 2006