NETGEAR FVX538, FVX538NA VPN Telecommuter (Client-to-Gateway Through a NAT Router)

ProSafe VPN Firewall 200 FVX538 Reference Manual

Network Planning for Dual WAN Ports C-17

v1.0, August 2006

VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing

In the case of the dual WAN ports on the gateway VPN firewall (Figure C-16), either of the

gateway WAN ports at one end can be programmed in advance to initiate the VPN tunnel with the

appropriate gateway WAN port at the other end as necessary to manage the loads of the gateway

WAN ports because the IP addresses of the WAN ports are known in advance.

The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is

dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified

domain name is optional.

VPN Telecommuter (Client-to-Gateway Through a NAT Router)

The following situations exemplify the requirements for a remote PC client connected to the

Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with a gateway

VPN firewall at the company office:

• Single gateway WAN port

• Redundant dual gateway WAN ports for increased reliability (before and after rollover)

• Dual gateway WAN ports used for load balancing

Figure C-16

Note: The telecommuter case presumes the home office has a dynamic IP address and

NAT router.

Gateway A

22.23.24.25

netgear1.dyndns.org

10.5.6.0/24 172.23.9.0/24

172.23.9.1

10.5.6.1

WAN_A1 IP WAN_B1 IP

LAN IP

Gateway B

Gateway-to-Gateway Example

(Dual WAN Ports, Load Balancing)

Fully-Qualified Domain Names (FQDN)

- optional for Fixed IP addresses

- required for Dynamic IP addresses

VPN Router

(at office A)

VPN Router

(at office B)

WAN_B2 IP

WAN_A2 IP

netgear2.dyndns.org 22.23.24.26