Netgear FVS338 참조 매뉴얼

Reference Manual for the ProSafe VPN Firewall 50 FVS338

Network Planning

3-9

January 2005

Figure 3-9: Single gateway WAN ports case for gateway-to-gateway VPN tunnels

The IP address of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, a fully-qualified domain name must be used. If an IP address is fixed, a fully-qualified
domain name is optional.

VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved System
Reliability

In the case of the dual WAN ports on the gateway VPN router (

Figure 3-10

), either of the gateway

WAN ports at one end can initiate the VPN tunnel with the appropriate gateway WAN port at the
other end as necessary to balance the loads of the gateway WAN ports because the IP addresses of
the WAN ports are known in advance. In this example, port WAN_A1 is active and port WAN_A2
is inactive at Gateway A; port WAN_B1 is active and port WAN_B2 is inactive at Gateway B.

Figure 3-10: Dual gateway WAN ports, before failover, for gateway-to-gateway VPN tunnels

Gateway A

22.23.24.25

FQDN

netgear.dyndns.org

10.5.6.0/24

172.23.9.0/24

172.23.9.1

10.5.6.1

WAN IP

LAN IP

Gateway B

Gateway-to-Gateway Example (Single WAN Ports)

Fully-Qualified Domain Names (FQDN)
- optional for Fixed IP addresses
- required for Dynamic IP addresses

VPN Router

(at office A)

VPN Router

(at office B)

Gateway A

netgearB.dyndns.org

netgearA.dyndns.org

10.5.6.0/24

172.23.9.0/24

172.23.9.1

10.5.6.1

WAN_A1 IP

WAN_B1 IP

LAN IP

Gateway B

Gateway-to-Gateway Example

(Dual WAN Ports, Before Failover)

Fully-Qualified Domain Names (FQDN)
- required for Fixed IP addresses
- required for Dynamic IP addresses

VPN Router

(at office A)

VPN Router

(at office B)

WAN_B2 IP (N/A)

WAN_A2 IP (N/A)

WAN_A2 port inactive

WAN_B2 port inactive

PSTN