Chapter 5 Virtual Private Networking Using Ipsec Connections; Considerations For Multi-Wan Port Systems - NETGEAR SRX5308 Reference Manual

Virtual Private Networking
5.
Using IPSec Connections
This chapter describes how to use the IP security (IPSec) virtual private networking (VPN)
features of the VPN firewall to provide secure, encrypted communications between your local
network and a remote network or computer. The chapter contains the following sections:
•

Considerations for Multi-WAN Port Systems

• Use the IPSec VPN Wizard for Client and Gateway Configurations
• Test the Connection and View Connection and Status Information
• Manage IPSec VPN Policies
• Configure Extended Authentication (XAUTH)
• Assign IP Addresses to Remote Users (Mode Config)
• Configure Keep-Alives and Dead Peer Detection
• Configure NetBIOS Bridging with IPSec VPN
Considerations for Multi-WAN Port Systems
If two WAN ports of the VPN firewall are configured, you can enable either auto-rollover
mode for increased system reliability or load balancing mode for optimum bandwidth
efficiency. Your WAN mode selection impacts how the VPN features need to be configured.
The use of fully qualified domain names (FQDNs) in VPN policies is mandatory when the
WAN ports function in auto-rollover mode or load balancing mode, and is also required for
VPN tunnel failover. When the WAN ports function in load balancing mode, you cannot
configure VPN tunnel failover. An FQDN is optional when the WAN ports function in load
balancing mode if the IP addresses are static, but mandatory if the WAN IP addresses are
dynamic.
See Virtual Private Networks
requirements for VPNs in the dual WAN modes. For information about how to select and
configure a Dynamic DNS service for resolving FQDNs, see
page 42. For information about WAN mode configuration, see
page 32.
The following diagrams and table show how the WAN mode selection relates to VPN
configuration.
on page 315 for more information about the IP addressing
135
Configure Dynamic DNS
Configure the WAN Mode
5
on
on