Netgear FVS338 Reference Manual

Reference Manual for the ProSafe VPN Firewall 50 FVS338
3-10
Network Planning
January 2005
The IP addresses of the gateway WAN ports can be either fixed or dynamic, but a fully-qualified 
domain name must always be used because the active WAN ports could be either WAN_A1, 
WAN_A2, WAN_B1, or WAN_B2 (i.e., the IP address of the active WAN port is not known in 
advance).
After a failover of a gateway WAN port (Figure 3-11), the previously inactive gateway WAN port 
becomes the active port (port WAN_A2 in this example) and one of the gateway VPN routers must 
re-establish the VPN tunnel.
Figure 3-11:  Dual gateway WAN ports, after failover, for gateway-to-gateway VPN tunnels
The purpose of the fully-qualified domain names in this case is to toggle the domain name of the 
failed-over gateway router between the IP addresses of the active WAN port (i.e., WAN_A1 and 
WAN_A2 in this example) so that the other end of the tunnel has a known gateway IP address to 
establish or re-establish a VPN tunnel.
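The FQDN toggle described above, seen from the other end of the tunnel, as an added example that is not part of the NETGEAR manual: the peer tracks the address the remote gateway's FQDN resolves to and re-establishes the tunnel when that address changes. The FQDN gateway-a.example.org, the two WAN addresses, and all class and function names are constructed for illustration.

```python
import socket
from typing import Callable, List, Optional, Tuple

# Constructed documentation addresses (RFC 5737); the manual gives no WAN IPs.
WAN_IPS = {"WAN_A1": "192.0.2.10", "WAN_A2": "198.51.100.10"}


def resolve_ipv4(fqdn: str) -> Optional[str]:
    """Resolve an FQDN with the system resolver; None if the lookup fails."""
    try:
        return socket.gethostbyname(fqdn)
    except OSError:  # socket.gaierror is a subclass of OSError
        return None


class PeerEndpointTracker:
    """Follows the IP address that the remote gateway's FQDN points at."""

    def __init__(self, fqdn: str,
                 resolver: Callable[[str], Optional[str]] = resolve_ipv4):
        self.fqdn = fqdn
        self.resolver = resolver
        self.endpoint: Optional[str] = None
        # Every (old, new) endpoint change, kept so re-pointing can be audited.
        self.history: List[Tuple[Optional[str], str]] = []

    def poll(self) -> str:
        ip = self.resolver(self.fqdn)
        if ip is None:
            # The dynamic DNS update may still be in flight: keep the endpoint.
            return "lookup-failed"
        if ip == self.endpoint:
            return "unchanged"
        action = "establish" if self.endpoint is None else "re-establish"
        self.history.append((self.endpoint, ip))
        self.endpoint = ip
        return action


def simulate_failover():
    """Constructed run: WAN_A1 active, one failed lookup, then WAN_A2 active."""
    answers = iter([WAN_IPS["WAN_A1"], WAN_IPS["WAN_A1"], None,
                    WAN_IPS["WAN_A2"], WAN_IPS["WAN_A2"]])
    tracker = PeerEndpointTracker("gateway-a.example.org",
                                  resolver=lambda _fqdn: next(answers))
    actions = [tracker.poll() for _ in range(5)]
    return actions, tracker.endpoint, tracker.history


if __name__ == "__main__":
    print(simulate_failover())
```

Because the DNS answer decides where the tunnel is sent, the recorded history gives an operator a list of every endpoint change to compare against known failover events.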
VPN Telecommuter (Client-to-Gateway Through a NAT Router)
The following situations exemplify the requirements for a remote PC client connected to the 
Internet with a dynamic IP address through a NAT router to establish a VPN tunnel with a gateway 
VPN router at the company office:
Single gateway WAN port
Redundant dual gateway WAN ports for increased system reliability (before and after failover)
Note: The telecommuter case presumes the home office has a dynamic IP address and 
NAT router for budgetary reasons.
[Figure 3-11 diagram: Gateway-to-Gateway Example (Dual WAN Ports, After Failover). Labels: Gateway A (VPN router at office A) and Gateway B (VPN router at office B); LAN subnets 10.5.6.0/24 and 172.23.9.0/24 with LAN IPs 10.5.6.1 and 172.23.9.1; FQDNs netgear.dyndns.org and netgearB.dyndns.org; WAN_A1 and WAN_B2 ports inactive (IP N/A), WAN_A2 and WAN_B1 IPs in use. Fully-qualified domain names (FQDN) are required for fixed IP addresses and for dynamic IP addresses. One of the gateway routers must re-establish the VPN tunnel after a failover.]