Vpn Road Warrior (Client-To-Gateway); Vpn Road Warrior: Single Gateway Wan Port (Reference Case) - NETGEAR FVX538 - ProSafe VPN Firewall 200 Router Reference Manual

Reference Manual for the ProSafe VPN Firewall 200 FVX538
Dual WAN Ports (Before Rollover)
Gateway
netgear.dyndns.org
WAN2 port inactive
VPN Router
IP address of active WAN port changes after a rollover (use of fully-qualified domain names always required)
Figure 3-6: Dual gateway WAN ports before and after rollover
• Load Balancing Case for Dual Gateway WAN Ports
Load balancing (Figure
gateway WAN port case when specifying the IP address of the VPN tunnel end point. Each IP
address is either fixed or dynamic based on the ISP: fully-qualified domain names must be
used when the IP address is dynamic and are optional when the IP address is static.
Dual WAN Ports (Load Balancing)
Gateway
netgear1.dyndns.org
netgear2.dyndns.org
VPN Router
Figure 3-7: Dual gateway WAN ports for load balancing

VPN Road Warrior (Client-to-Gateway)

The following situations exemplify the requirements for a remote PC client with no firewall to
establish a VPN tunnel with a gateway VPN firewall:
• Single gateway WAN port
• Redundant dual gateway WAN ports for increased reliability (before and after rollover)
• Dual gateway WAN ports used for load balancing

VPN Road Warrior: Single Gateway WAN Port (Reference Case)

In the case of the single WAN port on the gateway VPN firewall
initiates the VPN tunnel because the IP address of the remote PC client is not known in advance.
The gateway WAN port must act as the responder.
3-6
WAN1 IP
X X
WAN2 IP (N/A)
3-7) for the dual gateway WAN port case is the same as the single
WAN1 IP
WAN2 IP
January 2005
Dual WAN Ports (After Rollover)
Gateway
VPN Router
IP addresses of WAN ports same as single
WAN port case (use of fully-qualified domain
names required for dynamic IP addresses
and optional for fixed IP addresses)
(Figure
WAN1 IP (N/A)
WAN1 port inactive
X X
netgear.dyndns.org
WAN2 IP
3-8), the remote PC client
Network Planning