ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336G Reference Manual
VPN Road Warrior (Client-to-Gateway)
The following situations exemplify the requirements for a remote PC client with no firewall to
establish a VPN tunnel with a gateway VPN firewall:
•
Single gateway WAN port
•
Redundant dual gateway WAN ports for increased reliability (before and after rollover)
•
Dual gateway WAN ports used for load balancing
VPN Road Warrior: Single Gateway WAN Port (Reference Case)
In the case of the single WAN port on the gateway VPN firewall, the remote PC client initiates the
VPN tunnel because the IP address of the remote PC client is not known in advance. The gateway
WAN port must act as the responder.
Figure B-9
The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is
dynamic, a fully-qualified domain name must be used. If the IP address is fixed, a fully-qualified
domain name is optional.
Network Planning for Dual WAN Ports
v1.0, January 2010
B-11