Dual WAN Port Systems

The dual WAN ports in the VPN firewall can be configured for rollover mode for increased system reliability by specifying the Broadband connection with the Dialup connection as backup. This WAN mode choice then impacts how the VPN features must be configured.

Table 5-1. IP Addressing Requirements for VPN in Dual WAN Port Systems
Configuration and WAN IP address		Rollover Mode¹	Dedicated Mode
VPN Road Warrior (client-to-gateway)	Fixed	FQDN required	Allowed (FQDN optional)
VPN Road Warrior (client-to-gateway)	Dynamic	FQDN required	FQDN required
VPN Gateway-to-Gateway	Fixed	FQDN required	Allowed (FQDN optional)
VPN Gateway-to-Gateway	Dynamic	FQDN required	FQDN required
VPN Telecommuter (client-to-gateway through a NAT router)	Fixed	FQDN required	Allowed (FQDN optional)
VPN Telecommuter (client-to-gateway through a NAT router)	Dynamic	FQDN required	FQDN required

¹All tunnels must be re-established after a rollover using the new WAN IP address.

The use of fully qualified domain names is mandatory when the WAN ports are in rollover mode (Configuring the WAN Mode); also required for the VPN tunnels to fail over. When using rollover mode, you must configure a Dynamic DNS service (see Configuring Dynamic DNS (If Needed) to select and configure the Dynamic DNS service).