Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Network Planning
3-11
202-10085-01, March 2005
Figure 3-14:
Dual gateway WAN ports, after rollover, for gateway-to-gateway VPN tunnels
The purpose of the fully-qualified domain names is this case is to toggle the domain name of the
failed-over gateway firewall between the IP addresses of the active WAN port (i.e., WAN_A1 and
WAN _A2 in this example) so that the other end of the tunnel has a known gateway IP address to
establish or re-establish a VPN tunnel.
VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Load Balancing
In the case of the dual WAN ports on the gateway VPN firewall (
Figure 3-15
), either of the
gateway WAN ports at one end can be programmed in advance to initiate the VPN tunnel with the
appropriate gateway WAN port at the other end as necessary to manage the loads of the gateway
WAN ports because the IP addresses of the WAN ports are known in advance.
Figure 3-15:
Dual gateway WAN ports (load balancing case) for gateway-to-gateway VPN
tunnels
Gateway A
netgearB.dyndns.org
WAN_A1 port inactive
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN_A1 IP (N/A)
WAN_B1 IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example
(Dual WAN Ports, After Rollover)
Fully-Qualified Domain Names (FQDN)
- required for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)
WAN_B2 IP (N/A)
WAN_A2 IP
netgear.dyndns.org
WAN_B2 port inactive
One of the gateway routers must re-establish VPN tunnel after a rollover
X
X
X
X
Gateway A
22.23.24.25
netgear1.dyndns.org
10.5.6.0/24
172.23.9.0/24
172.23.9.1
10.5.6.1
WAN_A1 IP
WAN_B1 IP
LAN IP
LAN IP
Gateway B
Gateway-to-Gateway Example
(Dual WAN Ports, Load Balancing)
Fully-Qualified Domain Names (FQDN)
- optional for Fixed IP addresses
- required for Dynamic IP addresses
VPN Router
(at office A)
VPN Router
(at office B)
WAN_B2 IP
WAN_A2 IP
netgear2.dyndns.org
22.23.24.26