Virtual Private Networks - NETGEAR UTM5 Reference Manual

Figure 339.

Virtual Private Networks

When implementing virtual private network (VPN) tunnels, you need to use a mechanism for
determining the IP addresses of the tunnel endpoints. The addressing of the firewall's dual
WAN port depends on the configuration being implemented.
Table 152. IP addressing requirements for VPNs in dual WAN port systems
Configuration and WAN IP address
VPN Road Warrior
(Client-to-Gateway)
VPN Gateway-to-Gateway
VPN Telecommuter
(Client-to-Gateway through
a NAT Router)
1. After a rollover, all tunnels need to be reestablished using the new WAN IP address.
For a single WAN gateway configuration, use an FQDN when the IP address is dynamic and
either an FQDN or the IP address itself when the IP address is fixed. The situation is different
in dual WAN port gateway configurations.
• Dual WAN ports in auto-rollover mode. A dual WAN port auto-rollover gateway
configuration is different from a single WAN port gateway configuration when you specify
the IP address of the VPN tunnel endpoint. Only one WAN port is active at a time, and
when it rolls over, the IP address of the active WAN port always changes. Therefore, the
use of an FQDN is always required, even when the IP address of each WAN port is fixed.
Network Planning for Dual WAN Ports (Multiple WAN Port Models Only)
ProSecure Unified Threat Management (UTM) Appliance
Single WAN port
configurations
(reference cases)
Fixed Allowed
(FQDN optional)
Dynamic FQDN required
Fixed Allowed
(FQDN optional)
Dynamic FQDN required
Fixed Allowed
(FQDN optional)
Dynamic FQDN required
Dual WAN port configurations
Rollover Mode
FQDN required
FQDN required
FQDN required
FQDN required
FQDN required
FQDN required
578
1
Load balancing mode
Allowed
(FQDN optional)
FQDN required
Allowed
(FQDN optional)
FQDN required
Allowed
(FQDN optional)
FQDN required