FVX538 Reference Manual
Page 20
... other VPNC-compliant VPN routers and clients. • SNMP. The VPN firewall allows several networked ...VPN firewall automatically senses the type of Attached PCs by your Internet service provider (ISP). The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of ISP account. • VPN Wizard. The VPN firewall...ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). The VPN firewall...
... other VPNC-compliant VPN routers and clients. • SNMP. The VPN firewall allows several networked ...VPN firewall automatically senses the type of Attached PCs by your Internet service provider (ISP). The VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of ISP account. • VPN Wizard. The VPN firewall...ProSafe VPN Firewall 200 FVX538 Reference Manual Extensive Protocol Support The VPN firewall supports the Transmission Control Protocol/Internet Protocol (TCP/IP) and Routing Information Protocol (RIP). The VPN firewall...
FVX538 Reference Manual
Page 21
... status and activity. ProSafe VPN Firewall 200 FVX538 Reference Manual • Browser-Based Management. The VPN firewall automatically senses the type of addresses, and you monitor and manage log resources from almost any type of ISP account. • VPN Wizard. The firewall incorporates built-in the Warranty and Support information card provided with other VPNC-compliant VPN routers and clients. •...
... status and activity. ProSafe VPN Firewall 200 FVX538 Reference Manual • Browser-Based Management. The VPN firewall automatically senses the type of addresses, and you monitor and manage log resources from almost any type of ISP account. • VPN Wizard. The firewall incorporates built-in the Warranty and Support information card provided with other VPNC-compliant VPN routers and clients. •...
FVX538 Reference Manual
Page 203
ProSafe VPN Firewall 200 FVX538 Reference Manual Dual WAN Ports (Before Rollover) Dual WAN Ports (After Rollover) WAN1 IP Gateway netgear.dyndns.org X X VPN Router WAN2 port inactive WAN2 IP (N/A) Gateway VPN Router WAN1 IP (N/A) WAN1 port inactive X X netgear.dyndns.org WAN2 IP IP address of active WAN port changes after a rollover (use of the VPN tunnel end point. Each IP address is...
ProSafe VPN Firewall 200 FVX538 Reference Manual Dual WAN Ports (Before Rollover) Dual WAN Ports (After Rollover) WAN1 IP Gateway netgear.dyndns.org X X VPN Router WAN2 port inactive WAN2 IP (N/A) Gateway VPN Router WAN1 IP (N/A) WAN1 port inactive X X netgear.dyndns.org WAN2 IP IP address of active WAN port changes after a rollover (use of the VPN tunnel end point. Each IP address is...
FVX538 Reference Manual
Page 204
ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Road Warrior: Single Gateway WAN Port (Reference Case) In the case of the single WAN port on the gateway VPN firewall (Figure C-10), the remote PC client initiates the VPN tunnel with the active gateway WAN port (port WAN1 in this ...) LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN IP FQDN bzrouter.dyndns.org Fully-Qualified Domain Names (FQDN) - VPN Road Warrior: Dual Gateway WAN Ports for Dynamic IP addresses WAN IP 0.0.0.0 Client B Remote PC (running NETGEAR ProSafe VPN Client) Figure C-9 The IP address...
ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Road Warrior: Single Gateway WAN Port (Reference Case) In the case of the single WAN port on the gateway VPN firewall (Figure C-10), the remote PC client initiates the VPN tunnel with the active gateway WAN port (port WAN1 in this ...) LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN IP FQDN bzrouter.dyndns.org Fully-Qualified Domain Names (FQDN) - VPN Road Warrior: Dual Gateway WAN Ports for Dynamic IP addresses WAN IP 0.0.0.0 Client B Remote PC (running NETGEAR ProSafe VPN Client) Figure C-9 The IP address...
FVX538 Reference Manual
Page 205
... Dynamic IP addresses WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) Remote PC must act as necessary to balance ...VPN Router (at employer's main office) WAN1 IP (N/A) WAN1 port inactive X X bzrouter.dyndns.org WAN2 IP Fully-Qualified Domain Names (FQDN) - required for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall...re-establish VPN tunnel after a rollover Figure C-11 The purpose of the fully-qualified domain name in advance. required for Dual WAN Ports v1.0, August 2006 C-13 ProSafe VPN Firewall 200 FVX538 Reference Manual ...
... Dynamic IP addresses WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) Remote PC must act as necessary to balance ...VPN Router (at employer's main office) WAN1 IP (N/A) WAN1 port inactive X X bzrouter.dyndns.org WAN2 IP Fully-Qualified Domain Names (FQDN) - required for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall...re-establish VPN tunnel after a rollover Figure C-11 The purpose of the fully-qualified domain name in advance. required for Dual WAN Ports v1.0, August 2006 C-13 ProSafe VPN Firewall 200 FVX538 Reference Manual ...
FVX538 Reference Manual
Page 206
C-14 Network Planning for Fixed IP addresses - ProSafe VPN Firewall 200 FVX538 Reference Manual 10.5.6.0/24 Road Warrior Example (Dual WAN Ports, Load Balancing) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN1 IP bzrouter1.dyndns.org bzrouter2.dyndns.org WAN2 IP Fully-Qualified Domain ... port can be used for Dynamic IP addresses WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) Figure C-12 The IP addresses of single WAN ports on the gateway VPN firewalls (Figure C-13), either fixed or dynamic. optional for Dual WAN Ports v1.0,...
C-14 Network Planning for Fixed IP addresses - ProSafe VPN Firewall 200 FVX538 Reference Manual 10.5.6.0/24 Road Warrior Example (Dual WAN Ports, Load Balancing) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN1 IP bzrouter1.dyndns.org bzrouter2.dyndns.org WAN2 IP Fully-Qualified Domain ... port can be used for Dynamic IP addresses WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) Figure C-12 The IP addresses of single WAN ports on the gateway VPN firewalls (Figure C-13), either fixed or dynamic. optional for Dual WAN Ports v1.0,...
FVX538 Reference Manual
Page 207
... be either of the gateway WAN ports at one end can be used. ProSafe VPN Firewall 200 FVX538 Reference Manual 10.5.6.0/24 Gateway-to-Gateway Example (Single WAN Ports) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at the other end as necessary to balance the loads of the gateway ...Reliability In the case of the gateway WAN ports can initiate the VPN tunnel with the appropriate gateway WAN port at office A) WAN IP FQDN netgear.dyndns.org WAN IP 22.23.24.25 Fully-Qualified Domain Names (FQDN) - optional for Dynamic IP addresses Gateway B VPN Router (at office B) -
... be either of the gateway WAN ports at one end can be used. ProSafe VPN Firewall 200 FVX538 Reference Manual 10.5.6.0/24 Gateway-to-Gateway Example (Single WAN Ports) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at the other end as necessary to balance the loads of the gateway ...Reliability In the case of the gateway WAN ports can initiate the VPN tunnel with the appropriate gateway WAN port at office A) WAN IP FQDN netgear.dyndns.org WAN IP 22.23.24.25 Fully-Qualified Domain Names (FQDN) - optional for Dynamic IP addresses Gateway B VPN Router (at office B) -
FVX538 Reference Manual
Page 208
... Ports, After Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP (N/A) WAN_A1 port inactive X X WAN_B1 IP netgearB.dyndns.org Gateway B netgear.dyndns.org WAN_A2 IP X X WAN_B2 port inactive WAN_B2 IP (N/A) VPN Router Fully-Qualified Domain Names (FQDN) (at office B) - ProSafe VPN Firewall 200 FVX538 Reference Manual The IP addresses of the gateway WAN ports can...
... Ports, After Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP (N/A) WAN_A1 port inactive X X WAN_B1 IP netgearB.dyndns.org Gateway B netgear.dyndns.org WAN_A2 IP X X WAN_B2 port inactive WAN_B2 IP (N/A) VPN Router Fully-Qualified Domain Names (FQDN) (at office B) - ProSafe VPN Firewall 200 FVX538 Reference Manual The IP addresses of the gateway WAN ports can...
FVX538 Reference Manual
Page 209
...Load Balancing) LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP netgear1.dyndns.org WAN_B1 IP 22.23.24.25 netgear2.dyndns.org WAN_A2 IP 22.23.24.26 WAN_B2 IP Fully-Qualified Domain Names (FQDN) - ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Gateway-to-Gateway: Dual Gateway WAN Ports... for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall (Figure C-16), either of the gateway WAN ports at one...
...Load Balancing) LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP netgear1.dyndns.org WAN_B1 IP 22.23.24.25 netgear2.dyndns.org WAN_A2 IP 22.23.24.26 WAN_B2 IP Fully-Qualified Domain Names (FQDN) - ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Gateway-to-Gateway: Dual Gateway WAN Ports... for Load Balancing In the case of the dual WAN ports on the gateway VPN firewall (Figure C-16), either of the gateway WAN ports at one...
FVX538 Reference Manual
Page 210
... (FQDN) - required for Dynamic IP addresses NAT Router B NAT Router (at telecommuter's home office) Figure C-18 Client B Remote PC (running NETGEAR ProSafe VPN Client) The IP address of the gateway WAN port can be used. The gateway WAN port must be either fixed or dynamic. ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Telecommuter: Single Gateway WAN Port (Reference Case) In...
... (FQDN) - required for Dynamic IP addresses NAT Router B NAT Router (at telecommuter's home office) Figure C-18 Client B Remote PC (running NETGEAR ProSafe VPN Client) The IP address of the gateway WAN port can be used. The gateway WAN port must be either fixed or dynamic. ProSafe VPN Firewall 200 FVX538 Reference Manual VPN Telecommuter: Single Gateway WAN Port (Reference Case) In...
FVX538 Reference Manual
Page 211
... Example (Dual WAN Ports, After Rollover) Gateway A LAN IP 10.5.6.1 VPN Router (at telecommuter's home office) Remote PC must re-establish VPN tunnel after a rollover Figure C-19 Client B Remote PC (running NETGEAR ProSafe VPN Client) The purpose of the fully-qualified domain name is this example) and... of the gateway router between the IP addresses of the active WAN port (i.e., WAN1 and WAN2) so that the remote PC client can be either fixed or dynamic, but a fully-qualified domain name must re-establish the VPN tunnel. ProSafe VPN Firewall 200 FVX538 Reference Manual The ...
... Example (Dual WAN Ports, After Rollover) Gateway A LAN IP 10.5.6.1 VPN Router (at telecommuter's home office) Remote PC must re-establish VPN tunnel after a rollover Figure C-19 Client B Remote PC (running NETGEAR ProSafe VPN Client) The purpose of the fully-qualified domain name is this example) and... of the gateway router between the IP addresses of the active WAN port (i.e., WAN1 and WAN2) so that the remote PC client can be either fixed or dynamic, but a fully-qualified domain name must re-establish the VPN tunnel. ProSafe VPN Firewall 200 FVX538 Reference Manual The ...
FVX538 Reference Manual
Page 212
...Router B bzrouter2.dyndns.org WAN2 IP 0.0.0.0 Fully-Qualified Domain Names (FQDN) - If an IP address is fixed, a fully-qualified domain name is not known in advance. C-20 Network Planning for Fixed IP addresses - optional for Dual WAN Ports v1.0, August 2006 ProSafe VPN Firewall 200 FVX538 Reference Manual VPN...Dual WAN Ports, Load Balancing) Gateway A LAN IP 10.5.6.1 VPN Router (at telecommuter's home office) Figure C-20 Client B Remote PC (running NETGEAR ProSafe VPN Client) The IP addresses of the remote NAT router is optional. If an IP address is dynamic, a fully-...
...Router B bzrouter2.dyndns.org WAN2 IP 0.0.0.0 Fully-Qualified Domain Names (FQDN) - If an IP address is fixed, a fully-qualified domain name is not known in advance. C-20 Network Planning for Fixed IP addresses - optional for Dual WAN Ports v1.0, August 2006 ProSafe VPN Firewall 200 FVX538 Reference Manual VPN...Dual WAN Ports, Load Balancing) Gateway A LAN IP 10.5.6.1 VPN Router (at telecommuter's home office) Figure C-20 Client B Remote PC (running NETGEAR ProSafe VPN Client) The IP addresses of the remote NAT router is optional. If an IP address is dynamic, a fully-...
FVX538 Reference Manual
Page 23
...ProSafe VPN Firewall 200 FVX538 • VPN Wizard The FVX538 VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to ensure the VPN tunnels are interoperable with other VPNC-compliant VPN routers and clients. • SNMP The FVX538 VPN firewall...to the Web Management Interface from an SNMP-compliant system manager. Maintenance and Support NETGEAR offers the following items: • FVX538 ProSafe VPN Firewall 200. • AC power cable. • 19-inch rack mounting hardware and ...
...ProSafe VPN Firewall 200 FVX538 • VPN Wizard The FVX538 VPN firewall includes the NETGEAR VPN Wizard to easily configure VPN tunnels according to the recommendations of the Virtual Private Network Consortium (VPNC) to ensure the VPN tunnels are interoperable with other VPNC-compliant VPN routers and clients. • SNMP The FVX538 VPN firewall...to the Web Management Interface from an SNMP-compliant system manager. Maintenance and Support NETGEAR offers the following items: • FVX538 ProSafe VPN Firewall 200. • AC power cable. • 19-inch rack mounting hardware and ...
FVX538 Reference Manual
Page 36
... of the remote PC client is static. Reference Manual for the ProSafe VPN Firewall 200 FVX538 Dual WAN Ports (Before Rollover) WAN1 IP Gateway netgear.dyndns.org X X VPN Router WAN2 port inactive WAN2 IP (N/A) Dual WAN Ports (After Rollover) Gateway WAN1 IP (N/A) WAN1 port inactive X X netgear.dyndns.org VPN Router WAN2 IP IP address of active WAN port changes after a rollover...
... of the remote PC client is static. Reference Manual for the ProSafe VPN Firewall 200 FVX538 Dual WAN Ports (Before Rollover) WAN1 IP Gateway netgear.dyndns.org X X VPN Router WAN2 port inactive WAN2 IP (N/A) Dual WAN Ports (After Rollover) Gateway WAN1 IP (N/A) WAN1 port inactive X X netgear.dyndns.org VPN Router WAN2 IP IP address of active WAN port changes after a rollover...
FVX538 Reference Manual
Page 37
...can be either fixed or dynamic. Network Planning 3-7 January 2005 Reference Manual for the ProSafe VPN Firewall 200 FVX538 10.5.6.0/24 Road Warrior Example (Single WAN Port) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN1 IP bzrouter.dyndns.org X WAN2 port inactive X...for Fixed IP addresses - required for Dynamic IP addresses WAN IP 0.0.0.0 Client B Remote PC (running NETGEAR ProSafe VPN Client) Figure 3-8: Single gateway WAN port case for VPN road warrior The IP addresses of the active WAN port is optional. The gateway WAN port must ...
...can be either fixed or dynamic. Network Planning 3-7 January 2005 Reference Manual for the ProSafe VPN Firewall 200 FVX538 10.5.6.0/24 Road Warrior Example (Single WAN Port) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN1 IP bzrouter.dyndns.org X WAN2 port inactive X...for Fixed IP addresses - required for Dynamic IP addresses WAN IP 0.0.0.0 Client B Remote PC (running NETGEAR ProSafe VPN Client) Figure 3-8: Single gateway WAN port case for VPN road warrior The IP addresses of the active WAN port is optional. The gateway WAN port must ...
FVX538 Reference Manual
Page 38
...January 2005 required for Dynamic IP addresses WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) Remote PC must re-establish the VPN tunnel. Reference Manual for Fixed IP addresses - required for the ProSafe VPN Firewall 200 FVX538 After a rollover of the gateway WAN port (Figure 3-10), the ...Ports, After Rollover) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN1 IP bzrouter1.dyndns.org bzrouter2.dyndns.org WAN2 IP Fully-Qualified Domain Names (FQDN) - optional for VPN road warrior The purpose of the active WAN port (i.e., WAN1 ...
...January 2005 required for Dynamic IP addresses WAN IP 0.0.0.0 Remote PC (running NETGEAR ProSafe VPN Client) Remote PC must re-establish the VPN tunnel. Reference Manual for Fixed IP addresses - required for the ProSafe VPN Firewall 200 FVX538 After a rollover of the gateway WAN port (Figure 3-10), the ...Ports, After Rollover) Client B LAN IP 10.5.6.1 Gateway A VPN Router (at employer's main office) WAN1 IP bzrouter1.dyndns.org bzrouter2.dyndns.org WAN2 IP Fully-Qualified Domain Names (FQDN) - optional for VPN road warrior The purpose of the active WAN port (i.e., WAN1 ...
FVX538 Reference Manual
Page 39
...exemplify the requirements for a gateway VPN firewall to establish a VPN tunnel with the other gateway WAN port because the IP addresses are known in advance. 10.5.6.0/24 Gateway-to-Gateway Example (Single WAN Ports) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office B) LAN IP ... Gateway B VPN Router (at office A) WAN IP FQDN netgear.dyndns.org WAN IP 22.23.24.25 Fully-Qualified Domain Names (FQDN) - If an IP address is dynamic, a fully-qualified domain name must be either fixed or dynamic. Reference Manual for the ProSafe VPN Firewall 200 FVX538 The IP ...
...exemplify the requirements for a gateway VPN firewall to establish a VPN tunnel with the other gateway WAN port because the IP addresses are known in advance. 10.5.6.0/24 Gateway-to-Gateway Example (Single WAN Ports) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office B) LAN IP ... Gateway B VPN Router (at office A) WAN IP FQDN netgear.dyndns.org WAN IP 22.23.24.25 Fully-Qualified Domain Names (FQDN) - If an IP address is dynamic, a fully-qualified domain name must be either fixed or dynamic. Reference Manual for the ProSafe VPN Firewall 200 FVX538 The IP ...
FVX538 Reference Manual
Page 40
...inactive at Gateway B. 10.5.6.0/24 Gateway-to-Gateway Example (Dual WAN Ports, Before Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP netgearA.dyndns.org WAN_B1 IP netgearB.dyndns.org Gateway B X X WAN_A2 port inactive X X WAN_B2 port inactive WAN_A2 ...end can be either fixed or dynamic, but a fully-qualified domain name must re-establish the VPN tunnel. 3-10 January 2005 Network Planning Reference Manual for the ProSafe VPN Firewall 200 FVX538 VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability In the case of the dual WAN ...
...inactive at Gateway B. 10.5.6.0/24 Gateway-to-Gateway Example (Dual WAN Ports, Before Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP netgearA.dyndns.org WAN_B1 IP netgearB.dyndns.org Gateway B X X WAN_A2 port inactive X X WAN_B2 port inactive WAN_A2 ...end can be either fixed or dynamic, but a fully-qualified domain name must re-establish the VPN tunnel. 3-10 January 2005 Network Planning Reference Manual for the ProSafe VPN Firewall 200 FVX538 VPN Gateway-to-Gateway: Dual Gateway WAN Ports for Improved Reliability In the case of the dual WAN ...
FVX538 Reference Manual
Page 41
... gateway IP address to -gateway VPN tunnels Network Planning January 2005 3-11 optional for the ProSafe VPN Firewall 200 FVX538 10.5.6.0/24 Gateway-to -Gateway Example (Dual WAN Ports, Load Balancing) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP ...After Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP (N/A) WAN_A1 port inactive X X WAN_B1 IP netgearB.dyndns.org Gateway B netgear.dyndns.org WAN_A2 IP X X WAN_B2 port inactive WAN_B2 IP (N/A) VPN Router Fully-Qualified Domain Names (FQDN) (at office B) LAN...
... gateway IP address to -gateway VPN tunnels Network Planning January 2005 3-11 optional for the ProSafe VPN Firewall 200 FVX538 10.5.6.0/24 Gateway-to -Gateway Example (Dual WAN Ports, Load Balancing) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP ...After Rollover) 172.23.9.0/24 LAN IP 10.5.6.1 Gateway A VPN Router (at office A) WAN_A1 IP (N/A) WAN_A1 port inactive X X WAN_B1 IP netgearB.dyndns.org Gateway B netgear.dyndns.org WAN_A2 IP X X WAN_B2 port inactive WAN_B2 IP (N/A) VPN Router Fully-Qualified Domain Names (FQDN) (at office B) LAN...
FVX538 Reference Manual
Page 42
Reference Manual for the ProSafe VPN Firewall 200 FVX538 The IP addresses of the remote NAT router is not known in advance. VPN Telecommuter (Client-to establish a VPN tunnel with a dynamic IP address through a NAT router to -Gateway Through a NAT Router) Note: The telecommuter case presumes the home office has a dynamic IP address and NAT router. The following situations exemplify the requirements...
Reference Manual for the ProSafe VPN Firewall 200 FVX538 The IP addresses of the remote NAT router is not known in advance. VPN Telecommuter (Client-to establish a VPN tunnel with a dynamic IP address through a NAT router to -Gateway Through a NAT Router) Note: The telecommuter case presumes the home office has a dynamic IP address and NAT router. The following situations exemplify the requirements...