ProSafe VPN Firewall 200 FVX538 Reference Manual
Network Planning for Dual WAN Ports C-15
v1.0, August 2006
The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name m ust b e used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability
In the case of the dual WAN ports on the gateway VPN firewall (Figure C-14), either of the
gateway WAN ports at one end can initiate the VPN tunnel with the appropriate gateway WAN
port at the other end as necessary to balance the loads of the gateway WAN ports because the IP
addresses of the WAN ports are known in advance. In this example, port WAN_A1 is active and
port WAN_A2 is inactive at Gateway A; port WAN_B1 is active and port WAN_B2 is inactive at
Gateway B.
Figure C-13
Figure C-14
Gateway A
22.23.24.25
FQDN
netgear.dyndns.org
10.5.6.0/24 172.23.9.0/24
172.23.9.1
10.5.6.1
WAN IP WAN IP LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example (Single WAN Ports)
Fully-Qualified Domain Names (FQDN)
- optional for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)
Gateway A
netgearB.dyndns.org
netgearA.dyndns.org
10.5.6.0/24 172.23.9.0/24
172.23.9.1
10.5.6.1
WAN_A1 IP WAN_B1 IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example
(Dual WAN Ports, Before Rollover)
Fully-Qualified Domain Names (FQDN)
- required for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)
WAN_B2 IP (N/A)
WAN_A2 IP (N/A)
WAN_A2 port inactive WAN_B2 port inactive
XX
XX