Netgear FVS338 Reference Manual

Reference Manual for the ProSafe VPN Firewall 50 FVS338
Network Planning
3-5
January 2005
Virtual Private Networks (VPNs)
When implementing virtual private network (VPN) tunnels, a mechanism must be used for 
determining the IP addresses of the tunnel end points. The addressing of the router’s dual WAN 
port depends on the configuration being implemented:
For the single gateway WAN port case, the mechanism is to use a fully-qualified domain name 
(FQDN) when the IP address is dynamic and to use either an FQDN or the IP address itself when 
the IP address is fixed. The situation is different when dual gateway WAN ports are used in a 
failover-based system.
Failover for the dual gateway WAN port case is different from the single gateway 
WAN port case when specifying the IP address of the VPN tunnel end point. Only one WAN port 
is active at a time and when it fails over, the IP address of the active WAN port always changes. 
Hence, the use of a fully-qualified domain name is always required, even when the IP address of 
each WAN port is fixed.
Table 3-1. IP addressing requirements for VPNs in dual WAN port systems

| Configuration | WAN IP address | Single WAN Port (reference case) | Dual WAN Port Case: Failover* |
|---|---|---|---|
| VPN Road Warrior (client-to-gateway) | Fixed | Allowed (FQDN optional) | FQDN required |
| VPN Road Warrior (client-to-gateway) | Dynamic | FQDN required | FQDN required |
| VPN Gateway-to-Gateway | Fixed | Allowed (FQDN optional) | FQDN required |
| VPN Gateway-to-Gateway | Dynamic | FQDN required | FQDN required |
| VPN Telecommuter (client-to-gateway through a NAT router) | Fixed | Allowed (FQDN optional) | FQDN required |
| VPN Telecommuter (client-to-gateway through a NAT router) | Dynamic | FQDN required | FQDN required |

*. All tunnels must be re-established after a failover using the new WAN IP address.

Note: Once the gateway router WAN port fails over, the VPN tunnel collapses and must 
be re-established using the new WAN IP address.
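
The following is an added example, not code from the Netgear manual or firmware: it audits a list of tunnel definitions against the FQDN rule in Table 3-1 and re-resolves FQDN endpoints to spot a failover that requires tunnels to be re-established. The tunnel schema (`name`, `endpoint`, `wan_mode`, `addressing`), the host names and the addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample tunnel definitions (hypothetical schema, documentation addresses).
TUNNELS = [
    {"name": "hq-gw", "endpoint": "vpn.hq.example.com", "wan_mode": "failover", "addressing": "fixed"},
    {"name": "branch-gw", "endpoint": "192.0.2.20", "wan_mode": "failover", "addressing": "fixed"},
    {"name": "lab-gw", "endpoint": "192.0.2.30", "wan_mode": "single", "addressing": "fixed"},
]

def is_ip_literal(endpoint):
    try:
        ipaddress.ip_address(endpoint)
        return True
    except ValueError:
        return False

def fqdn_required(wan_mode, addressing):
    # Table 3-1: an IP literal is allowed only for a single WAN port with a fixed address.
    return not (wan_mode == "single" and addressing == "fixed")

def audit_tunnels(tunnels):
    """Names of tunnels pinned to an IP literal where Table 3-1 requires an FQDN."""
    return [t["name"] for t in tunnels
            if fqdn_required(t["wan_mode"], t["addressing"]) and is_ip_literal(t["endpoint"])]

def detect_failover(tunnels, last_seen, resolve=socket.gethostbyname):
    """Re-resolve FQDN endpoints; return (name, old_ip, new_ip) for tunnels to re-establish."""
    stale = []
    for t in tunnels:
        host = t["endpoint"]
        if is_ip_literal(host):
            continue  # nothing to re-resolve; audit_tunnels() reports these
        try:
            current = resolve(host)
        except OSError:
            continue  # lookup failed; keep the last known address
        previous = last_seen.get(host)
        if previous is not None and previous != current:
            stale.append((t["name"], previous, current))
        last_seen[host] = current
    return stale

if __name__ == "__main__":
    dns = {"vpn.hq.example.com": "192.0.2.10"}  # constructed stand-in for DNS
    seen = {}
    print("misconfigured:", audit_tunnels(TUNNELS))
    print("baseline:", detect_failover(TUNNELS, seen, dns.__getitem__))
    dns["vpn.hq.example.com"] = "198.51.100.10"  # simulated failover to the second WAN port
    print("re-establish:", detect_failover(TUNNELS, seen, dns.__getitem__))
```

In production the default `socket.gethostbyname` resolver is used and `last_seen` is persisted between polling runs.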