Netgear FVS336Gv2 – ProSafe Dual WAN Gigabit Firewall with SSL & IPSec VPN 참조 매뉴얼
Network Planning for Multiple WAN Ports
634
ProSAFE Dual WAN Gigabit WAN SSL VPN Firewall FVS336Gv2
VPN Telecommuter - Client-to-Gateway
The following situations exemplify the requirements for a remote computer client with no
firewall to establish a VPN tunnel with a gateway VPN firewall:
firewall to establish a VPN tunnel with a gateway VPN firewall:
•
Single-gateway WAN port
•
Redundant dual-gateway WAN ports for increased reliability (before and after rollover)
•
Dual-gateway WAN ports for load balancing
VPN Telecommuter: Single-Gateway WAN Port - Reference Case
In a single WAN port gateway configuration, the remote computer client initiates the VPN
tunnel because the IP address of the remote computer client is not known in advance. The
gateway WAN port must act as the responder.
tunnel because the IP address of the remote computer client is not known in advance. The
gateway WAN port must act as the responder.
Figure 21. Telecommuter example in a single WAN port configuration
The IP address of the gateway WAN port can be either fixed or dynamic. If the IP address is
dynamic, an FQDN must be used. If the IP address is fixed, an FQDN is optional.
dynamic, an FQDN must be used. If the IP address is fixed, an FQDN is optional.
VPN Telecommuter: Dual-Gateway WAN Ports for Improved Reliability
In a gateway configuration with dual WAN ports that function in auto-rollover mode, the
remote computer client initiates the VPN tunnel with the active WAN port (port WAN1 in the
following figure) because the IP address of the remote computer client is not known in
advance. The gateway WAN port must act as a responder.
remote computer client initiates the VPN tunnel with the active WAN port (port WAN1 in the
following figure) because the IP address of the remote computer client is not known in
advance. The gateway WAN port must act as a responder.
Figure 22. Telecommuter example in a dual WAN port configuration before auto-rollover