NETGEAR FVX538v1 - ProSafe VPN Firewall Dual WAN Planning Manual
Prosafe vpn firewall router
Hide thumbs
Also See for FVX538v1 - ProSafe VPN Firewall Dual WAN:
- Setup manual (9 pages) ,
- Configuration manual (8 pages) ,
- Specifications (2 pages)
Related Manuals for NETGEAR FVX538v1 - ProSafe VPN Firewall Dual WAN
Summary of Contents for NETGEAR FVX538v1 - ProSafe VPN Firewall Dual WAN
- Page 1 Network Planning Guide for ProSafe VPN Firewall Router FVX538 NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA 202-10066-01 (Beta Draft) October 2004 October 2004...
- Page 2 In the interest of improving internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or circuit layout(s) described herein.
-
Page 3: Table Of Contents
Contents Chapter 1 Introducing the FVX538 The Router’s Front Panel ....................1-1 The Router’s Rear Panel ....................1-3 Rack Mounting the Router ....................1-3 The Router’s IP Address, Login Name, and Password ..........1-4 Default Factory Settings ....................1-4 Chapter 2 Network Planning Overview of the Planning Process ..................2-1 Single or Multiple Exposed Hosts ................2-1 Virtual Private Networks (VPNs) ................2-2 The Fail-over Case for Routers With Dual WAN Ports ..........2-2... - Page 4 Contents October 2004...
-
Page 5: Introducing The Fvx538
Network Planning Guide for ProSafe VPN Firewall Router FVX538 Chapter 1 Introducing the FVX538 This chapter introduces the FVX538 ProSafe VPN Firewall Router. The Router’s Front Panel The FVX538 ProSafe VPN Firewall Router front panel shown below contains the port connections, status LEDs, and the factory defaults reset button. - Page 6 Network Planning Guide for ProSafe VPN Firewall Router FVX538 Table 1-1. Object Descriptions (continued) Object Activity Description WAN Ports Two RJ-45 WAN ports N-way automatic speed negotiation, Auto MDI/MDIX. and LEDs Link/Act LED On (Green) The WAN port has detected a link with a connected Ethernet device. Blinking (Green) Data is being transmitted or received by the WAN port.
-
Page 7: The Router's Rear Panel
Network Planning Guide for ProSafe VPN Firewall Router FVX538 The Router’s Rear Panel The rear panel of the FVX538 ProSafe VPN Firewall Router (Figure 1-2) contains the On/Off switch and AC power connection. 100-240 VAC, 50-60Hz, 0.7A max. AC Power On/Off Connection Switch... -
Page 8: The Router's Ip Address, Login Name, And Password
Network Planning Guide for ProSafe VPN Firewall Router FVX538 The Router’s IP Address, Login Name, and Password Check the label on the bottom of the FVX538’s enclosure if you forget the following factory default information: • IP Address: http://192.168.1.1 to reach the Web-based GUI from the LAN •... - Page 9 Network Planning Guide for ProSafe VPN Firewall Router FVX538 Table 1-2. Factory Default Settings Feature Default User Name (case sensitive) admin Password (case sensitive) password Built-in DHCP server DHCP server is enabled, issues addresses in the default subnet IP Configuration IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 Gateway: 0.0.0.0...
- Page 10 Network Planning Guide for ProSafe VPN Firewall Router FVX538 Introducing the FVX538 October 2004...
-
Page 11: Network Planning
Network Planning Guide for ProSafe VPN Firewall Router FVX538 Chapter 2 Network Planning This chapter describes the factors to consider when planning a network using a router that has dual WAN ports. Overview of the Planning Process The areas that require planning when using a router that has dual WAN ports include: •... -
Page 12: Virtual Private Networks (Vpns)
Network Planning Guide for ProSafe VPN Firewall Router FVX538 Virtual Private Networks (VPNs) A virtual private network (VPN) tunnel provides a secure communication channel between either two gateway VPN routers or between a remote PC client and gateway VPN router. As a result, the IP address of at least one of the tunnel end points must be known in advance in order for the other tunnel end point to establish (or re-establish) the VPN tunnel. -
Page 13: Single Or Multiple Exposed Hosts
Network Planning Guide for ProSafe VPN Firewall Router FVX538 Dual WAN Ports (Load Balancing) WAN1 IP Router netgear1.dyndns.org Use of fully-qualified domain names for IP addresses of WAN ports: o required for dynamic IP addresses o optional for fixed IP addresses netgear2.dyndns.org WAN2 IP Figure 2-2: Dual WAN ports for load balancing... - Page 14 2-3), the WAN’s Internet address is either fixed IP or a fully-qualified domain name if the IP address is dynamic. Router WAN IP netgear.dyndns.org exposed host IP address of WAN port: FQDN is required for dynamic IP address and is optional for fixed IP address...
-
Page 15: Multiple Exposed Hosts
Network Planning Guide for ProSafe VPN Firewall Router FVX538 Dual WAN Ports (Load Balancing) WAN1 IP IP addresses of WAN ports: Router netgear1.dyndns.org use of fully-qualified domain names required for dynamic IP addresses netgear2.dyndns.org and optional for fixed IP addresses WAN2 IP exposed host Figure 2-5: Dual WAN port case for exposed host with load balancing... -
Page 16: Virtual Private Networks (Vpns)
Network Planning Guide for ProSafe VPN Firewall Router FVX538 Note: Load balancing is implemented for outgoing traffic and not for incoming traffic. Consider publicizing one of the WAN port Internet addresses and keeping the other one unpublicized in order to maintain better control of WAN port traffic. Dual WAN Ports WAN1 IP Addresses Router... - Page 17 Dual WAN Ports (After Failover) Dual WAN Ports (Before Failover) WAN1 IP (N/A) WAN1 IP Gateway Gateway WAN1 port inactive netgear.dyndns.org netgear.dyndns.org WAN2 port inactive VPN Router VPN Router WAN2 IP WAN2 IP (N/A) IP address of active WAN port changes after a failover (use of fully-qualified domain names always required) Figure 2-8: Dual gateway WAN ports before and after failover •...
-
Page 18: Vpn Road Warrior (Client-To-Gateway)
Fully-Qualified Domain Names (FQDN) Remote PC - optional for Fixed IP addresses (running NETGEAR - required for Dynamic IP addresses ProSafe VPN Client) Figure 2-10: Single gateway WAN port case for VPN road warrior The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is dynamic, a fully-qualified domain name must be used. - Page 19 Fully-Qualified Domain Names (FQDN) Remote PC - required for Fixed IP addresses (running NETGEAR - required for Dynamic IP addresses ProSafe VPN Client) Figure 2-11: Dual gateway WAN ports, before failover, for VPN road warrior The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified domain name must always be used because the active WAN port could be either WAN1 or WAN2 (i.e., the IP address of the active WAN port is not known in advance).
-
Page 20: Vpn Gateway-To-Gateway
Fully-Qualified Domain Names (FQDN) Remote PC - optional for Fixed IP addresses (running NETGEAR - required for Dynamic IP addresses ProSafe VPN Client) Figure 2-13: Dual gateway WAN ports (load balancing case) for VPN road warrior The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain name must be used. - Page 21 Gateway B WAN IP WAN IP LAN IP LAN IP FQDN 172.23.9.1 10.5.6.1 netgear.dyndns.org 22.23.24.25 VPN Router VPN Router (at office B) (at office A) Fully-Qualified Domain Names (FQDN) - optional for Fixed IP addresses - required for Dynamic IP addresses Figure 2-14: Single gateway WAN ports case for gateway-to-gateway VPN tunnels The IP address of the gateway WAN ports can be either fixed or dynamic.
- Page 22 WAN_A1 IP (N/A) WAN_B1 IP Gateway A Gateway B WAN_A1 port inactive netgearB.dyndns.org LAN IP LAN IP 172.23.9.1 netgear.dyndns.org 10.5.6.1 WAN_B2 port inactive WAN_A2 IP VPN Router VPN Router WAN_B2 IP (N/A) (at office B) (at office A) Fully-Qualified Domain Names (FQDN)
-
Page 23: Vpn Telecommuter (Client-To-Gateway Through A Nat Router)
Network Planning Guide for ProSafe VPN Firewall Router FVX538 Gateway-to-Gateway Example 10.5.6.0/24 172.23.9.0/24 (Dual WAN Ports, Load Balancing) WAN_A1 IP WAN_B1 IP Gateway A Gateway B netgear1.dyndns.org 22.23.24.25 LAN IP LAN IP 172.23.9.1 netgear2.dyndns.org 10.5.6.1 22.23.24.26 WAN_A2 IP VPN Router WAN_B2 IP VPN Router (at office B) - Page 24 (at employer's Remote PC Fully-Qualified Domain Names (FQDN) home office) main office) (running NETGEAR - optional for Fixed IP addresses ProSafe VPN Client) - required for Dynamic IP addresses Figure 2-18: Single gateway WAN port case for VPN telecommuter The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is dynamic, a fully-qualified domain name must be used.
- Page 25 (at employer's Remote PC Fully-Qualified Domain Names (FQDN) home office) main office) (running NETGEAR - required for Fixed IP addresses ProSafe VPN Client) - required for Dynamic IP addresses Remote PC must re-establish VPN tunnel after a failover Figure 2-20: Dual gateway WAN ports, after failover, for VPN telecommuter The purpose of the fully-qualified domain name is this case is to toggle the domain name of the gateway router between the IP addresses of the active WAN port (i.e., WAN1 and WAN2) so that...
- Page 26 Network Planning Guide for ProSafe VPN Firewall Router FVX538 The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified domain name is optional.