NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

mosquiton's avatar
mosquiton
Aspirant
Jul 25, 2016
Solved

Dual wan Dual vpn utm9s

Hi everyone,

is my first time i face a netgear firewall, anda sicerely i'm having some problem with a configuration,

i have 2 utm9s and it was asked to me to configure them in dual wan dua vpn mode.

let me be more specific, we have 2 site with each one with 2 broadband connection and public ip.

the aim is to make 2 vpn tunnel with failover over the 2 separate wan connection,

the problem is, when i set up using the wizard it says that the configuration is invalid.

on the manual i've seen that technically is possible , but i don't know how....

 

thanks everyone

Security
utm9s
  • omicron_persei8's avatar
    omicron_persei8
    Jul 25, 2016

    Hi,

    As far as I know, setting up two IPSec VPN connections between the same two routers is not the way to go.

    It's not going to work because the VPN policies will conflict each other ("the destination subnet foo must go through the VPN bar" rule must be unique).

    To configure this properly, you need to use rollover inside the VPN policy, on both side. And because you can only set one IP address as remote endpoint, you must use an FQDN.

    The roll-over option determines which WAN interface use as outbound, and the FQDN as remote endpoint determines which remote IP address is used for the communication.

10 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Jul 25, 2016

    Hi mosquiton,

     

    Welcome to the community! :) 

     

    Have you tried to create another VPN policy on the UTM9s located on the remote location with WAN 2 port as the peer box-to-box connection?  Also, you may try using FQDN because I think that for auto-rollover mode, you need a fully qualified domain name (FQDN) to implement features such as exposed hosts and virtual private networks regardless of whether you have a fixed or dynamic IP address. 

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • mosquiton's avatar
      mosquiton
      Aspirant
      Jul 25, 2016

      Hi!

      Thanks for the welcome!

      i've created 2 vpn policies on every box, on the reference manual of utm9s there's a picture that represent the exact scenario that i'm facing off.

      exactly at page 635 of "UTM_RM_15Oct2012".

      i hope fqdn will not be required:smileyhappy:

      • DaneA's avatar
        DaneA
        NETGEAR Employee Retired
        Jul 25, 2016

        Hi mosquiton,

         

        I believe you are referring to Figure 373 from page 635 of the UTM reference manual here.  Kindly answer my questions below:

         

        a. Are your WAN IP addresses fixed (static) or dynamic? 

        b. What is the current firmware version of the 2 UTM9s? 

         

         

        Regards,


        DaneA

        NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More