Planning For Virtual Private Networks - NETGEAR ProSafe FVS336Gv2 Reference Manual

ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
Note: Load balancing is implemented for outgoing traffic and not for
incoming traffic. To maintain better control of WAN port traffic,
consider making one of the WAN port Internet addresses public and
to keep the other one private.
Figure 18. Inbound traffic to a dual WAN port system in load balancing mode

Planning for Virtual Private Networks

The following sections provide information about planning for VPN:
• VPN Telecommuter - Client-to-Gateway
• VPN Gateway-to-Gateway
• VPN Telecommuter - Client-to-Gateway Through a NAT Router
When implementing virtual private network (VPN) tunnels, you must use a mechanism for
determining the IP addresses of the tunnel endpoints. The addressing of the firewall's WAN
ports in a dual WAN port auto-rollover or load balancing configuration depends on the
configuration being implemented.
Table 12. IP addressing requirements for VPNs in a dual WAN port configuration
Configuration and WAN IP Address
VPN Telecommuter -
Client-to-Gateway
VPN Gateway-to-Gateway
VPN Telecommuter -
Client-to-Gateway Through
a NAT Router
a. After a rollover, all tunnels must be reestablished using the new WAN IP address.
Single WAN Port
Configurations
(Reference Cases)
Fixed Allowed
(FQDN optional)
Dynamic FQDN required
Fixed Allowed
(FQDN optional)
Dynamic FQDN required
Fixed Allowed
(FQDN optional)
Dynamic FQDN required
Network Planning for Multiple WAN Ports
632
Dual WAN Port Configurations
a
Rollover Mode Load Balancing Mode
FQDN required Allowed
(FQDN optional)
FQDN required FQDN required
FQDN required Allowed
(FQDN optional)
FQDN required FQDN required
FQDN required Allowed
(FQDN optional)
FQDN required FQDN required