ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual
Network Planning for Dual WAN Ports (UTM25 Only)
B-13
v1.0, September 2009
VPN Road Warrior: Dual Gateway WAN Ports for Load Balancing
In a dual-WAN port load balancing gateway configuration, the remote PC initiates the VPN tunnel
with the appropriate gateway WAN port (that is, port WAN1 or WAN2 as necessary to balance the
loads of the two gateway WAN ports) because the IP address of the active WAN port is not known
in advance. The selected gateway WAN port must act as the responder.
The IP addresses of the gateway WAN ports can be either fixed or dynamic. If an IP address is
dynamic, you must use an FQDN. If an IP address is fixed, an FQDN is optional.
VPN Gateway-to-Gateway
The following situations exemplify the requirements for a gateway VPN firewall such as a UTM
to establish a VPN tunnel with another gateway VPN firewall:
• Single gateway WAN ports
• Redundant dual gateway WAN ports for increased reliability (before and after rollover)
• Dual gateway WAN ports for load balancing
VPN Gateway-to-Gateway: Single Gateway WAN Ports (Reference Case)
In a configuration with two single WAN port gateways, either gateway WAN port can initiate the
VPN tunnel with the other gateway WAN port because the IP addresses are known in advance (see
Figure B-13 on page B-14).
Figure B-12