ProSafe VPN Firewall 200 FVX538 Reference Manual
C-14 Network Planning for Dual WAN Ports
v1.0, August 2006
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name m ust b e used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN firewall to establish a
VPN tunnel with another gateway VPN firewall:
• Single gateway WAN ports
• Redundant dual gateway WAN ports for increased reliability (before and after rollover)
• Dual gateway WAN ports used for load balancing
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)
In the case of single WAN ports on the gateway VPN firewalls (Figure C-13), either gateway
WAN port can initiate the VPN tunnel with the other gateway WAN port because the IP addresses
are known in advance.
Figure C-12
Gateway A
bzrouter1.dyndns.org
10.5.6.0/24
10.5.6.1
WAN1 IP
WAN IP
LAN IP
Client B
0.0.0.0
VPN Router
(at employer's
main office)
Road Warrior Example
(Dual WAN Ports, Load Balancing)
Remote PC
(running NETGEAR
ProSafe VPN Client)
Fully-Qualified Domain Names (FQDN)
- optional for Fixed IP addresses
- required for Dynamic IP addresses
bzrouter2.dyndns.org
WAN2 IP