VPN Telecommuter (Client-to-Gateway Through a NAT Router) - NETGEAR ProSafe FVS338 Reference Manual


Reference Manual for the ProSafe VPN Firewall 50 FVS338
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified
domain name must always be used because the active WAN ports could be either WAN_A1,
WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port is not known in
advance).
After a failover of a gateway WAN port (Figure 3-11), the previously inactive gateway WAN port
becomes the active port (port WAN_A2 in this example) and one of the gateway VPN routers must
re-establish the VPN tunnel.

[Figure 3-11: Dual gateway WAN ports, after failover, for gateway-to-gateway VPN tunnels.
Diagram "Gateway-to-Gateway Example (Dual WAN Ports, After Failover)": Gateway A (VPN router at
office A, LAN 10.5.6.0/24, LAN IP 10.5.6.1, netgear.dyndns.org) has port WAN_A1 inactive and
uses WAN_A2; Gateway B (VPN router at office B, LAN 172.23.9.0/24, LAN IP 172.23.9.1,
netgearB.dyndns.org) uses WAN_B1 and has port WAN_B2 inactive. Fully-qualified domain names
(FQDN) are required for fixed IP addresses and for dynamic IP addresses. One of the gateway
routers must re-establish the VPN tunnel after a failover.]

The purpose of the fully-qualified domain names in this case is to toggle the domain name of the
failed-over gateway router between the IP addresses of the active WAN port (i.e., WAN_A1 and
WAN_A2 in this example) so that the other end of the tunnel has a known gateway IP address to
establish or re-establish a VPN tunnel.

VPN Telecommuter (Client-to-Gateway Through a NAT Router)

Note: The telecommuter case presumes the home office has a dynamic IP address and
NAT router for budgetary reasons.
The following situations exemplify the requirements for a remote PC client connected to the
Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with a gateway
VPN router at the company office:
- Single gateway WAN port
- Redundant dual gateway WAN ports for increased system reliability (before and after failover)

January 2005
Network Planning
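
The FQDN failover behaviour described above, as an added example that is not from the NETGEAR manual or firmware: the remote end of the tunnel (the other gateway or a telecommuter client) locates the gateway by name and re-resolves it before redialing. The `PeerTracker` class, the injected `resolve` callable and the 203.0.113.x addresses are constructed for illustration; only the name netgear.dyndns.org comes from Figure 3-11.

```python
import socket
from typing import Callable, List, Optional, Tuple


def dns_resolve(fqdn: str) -> str:
    """Default resolver: first IPv4 address from the system resolver."""
    return socket.getaddrinfo(fqdn, None, socket.AF_INET)[0][4][0]


class PeerTracker:
    """Hypothetical helper: locate a VPN peer gateway by FQDN, not a pinned WAN IP."""
    def __init__(self, fqdn: str, resolve: Callable[[str], str] = dns_resolve):
        self.fqdn = fqdn
        self.resolve = resolve
        self.peer_ip: Optional[str] = None
        self.events: List[Tuple] = []

    def refresh(self) -> Optional[str]:
        """Call before (re-)establishing the tunnel. Returns the IP to dial,
        or None if the name cannot be resolved right now (caller retries later)."""
        try:
            current = self.resolve(self.fqdn)
        except OSError:  # socket.gaierror is a subclass of OSError
            self.events.append(("resolve_failed", self.fqdn))
            return None
        if current != self.peer_ip:
            self.events.append(("peer_moved", self.peer_ip, current))
            self.peer_ip = current
        return current


def simulate_failover() -> dict:
    """Gateway A fails over from WAN_A1 to WAN_A2; the remote end follows the FQDN."""
    wan_a1, wan_a2 = "203.0.113.10", "203.0.113.20"  # constructed addresses
    ddns = {"netgear.dyndns.org": wan_a1}            # constructed dynamic-DNS table

    def resolve(name: str) -> str:
        if name not in ddns:
            raise socket.gaierror("name not found: " + name)
        return ddns[name]
    tracker = PeerTracker("netgear.dyndns.org", resolve)
    before = tracker.refresh()           # initial tunnel goes to WAN_A1
    pinned = before                      # what a literal-IP configuration would keep
    ddns["netgear.dyndns.org"] = wan_a2  # failover: record now points at WAN_A2
    after = tracker.refresh()            # tunnel lost, so re-resolve before redialing
    del ddns["netgear.dyndns.org"]       # record temporarily missing
    outage = tracker.refresh()           # no answer: keep last known IP, dial nothing
    return {"before": before, "after": after, "pinned_still_valid": pinned == after,
            "outage": outage, "last_known": tracker.peer_ip, "events": tracker.events}
```

A peer configured with the literal WAN_A1 address would keep dialing the inactive port after the failover, which is the case `pinned_still_valid` captures.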
