The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN firewall to establish a
VPN tunnel with another gateway VPN firewall:
• Single gateway WAN ports
• Redundant dual gateway WAN ports for increased reliability (before and after rollover)
• Dual gateway WAN ports used for load balancing
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)
In the case of single WAN ports on the gateway VPN firewalls (Figure 3-12), either gateway WAN
port can initiate the VPN tunnel with the other gateway WAN port because the IP addresses are
known in advance.
[Figure: Gateway-to-Gateway Example (Single WAN Ports). Gateway A (VPN Router at office A): LAN 10.5.6.0/24, LAN IP 10.5.6.1, WAN IP, FQDN netgear.dyndns.org. Gateway B (VPN Router at office B): LAN 172.23.9.0/24, LAN IP 172.23.9.1, WAN IP 22.23.24.25. Fully-Qualified Domain Names (FQDN): optional for Fixed IP addresses, required for Dynamic IP addresses.]
Figure 3-12: Single gateway WAN ports case for gateway-to-gateway VPN tunnels
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.
Network Planning
Reference Manual for the ProSafe VPN Firewall 200 FVX538
January 2005
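The FQDN rule for the single WAN port case, checked against the addresses shown in Figure 3-12. This is an added example, not part of the Netgear manual. Assumptions: Gateway A's WAN address is treated as dynamic (the figure gives only its FQDN), the `Gateway` class and function names are hypothetical, and the LAN-overlap check goes beyond what this page states.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Hostname labels per RFC 1123; at least two labels so the name is fully qualified.
_FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

@dataclass
class Gateway:
    """One tunnel endpoint (hypothetical planning record, not a firewall config format)."""
    name: str
    lan: str                      # LAN subnet behind the gateway
    wan_ip: Optional[str] = None  # set only when the WAN address is fixed
    fqdn: Optional[str] = None    # name that resolves to the WAN port

def check_gateway(gw: Gateway) -> List[str]:
    """Return planning errors for one endpoint."""
    errors = []
    if gw.wan_ip is not None:
        ipaddress.ip_address(gw.wan_ip)  # raises ValueError on a malformed address
    elif not gw.fqdn:
        errors.append(f"{gw.name}: dynamic WAN IP requires an FQDN")
    if gw.fqdn and not _FQDN.match(gw.fqdn):
        errors.append(f"{gw.name}: '{gw.fqdn}' is not a fully-qualified domain name")
    return errors

def check_tunnel(a: Gateway, b: Gateway) -> List[str]:
    """Check both endpoints plus the two LAN subnets the tunnel joins."""
    errors = check_gateway(a) + check_gateway(b)
    # Added check (not stated on this page): overlapping LANs cannot be routed across a tunnel.
    if ipaddress.ip_network(a.lan).overlaps(ipaddress.ip_network(b.lan)):
        errors.append(f"LAN subnets {a.lan} and {b.lan} overlap")
    return errors

def remote_id(gw: Gateway) -> Optional[str]:
    """Address the peer should target: the FQDN if one is set, else the fixed WAN IP."""
    return gw.fqdn or gw.wan_ip

# Values from Figure 3-12; treating Gateway A's WAN address as dynamic is an assumption.
GATEWAY_A = Gateway("Gateway A", "10.5.6.0/24", fqdn="netgear.dyndns.org")
GATEWAY_B = Gateway("Gateway B", "172.23.9.0/24", wan_ip="22.23.24.25")

if __name__ == "__main__":
    print(check_tunnel(GATEWAY_A, GATEWAY_B) or "plan OK")
    print("A targets", remote_id(GATEWAY_B), "| B targets", remote_id(GATEWAY_A))
```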