mosquiton
Jul 25, 2016 Aspirant
Dual wan Dual vpn utm9s
Hi everyone, this is my first time facing a NETGEAR firewall, and sincerely I'm having some problems with a configuration. I have 2 UTM9S and I was asked to configure them in dual WAN dual VPN mode...
DaneA
Jul 25, 2016 NETGEAR Employee Retired
Hi mosquiton,
Welcome to the community! :)
Have you tried to create another VPN policy on the UTM9s located on the remote location with WAN 2 port as the peer box-to-box connection? Also, you may try using FQDN because I think that for auto-rollover mode, you need a fully qualified domain name (FQDN) to implement features such as exposed hosts and virtual private networks regardless of whether you have a fixed or dynamic IP address.
Regards,
DaneA
NETGEAR Community Team
mosquiton
Jul 25, 2016 Aspirant
Hi!
Thanks for the welcome!
I've created 2 VPN policies on every box. In the reference manual of the UTM9S there's a picture that represents the exact scenario that I'm facing,
exactly at page 635 of "UTM_RM_15Oct2012".
I hope FQDN will not be required :)
- DaneA Jul 25, 2016 NETGEAR Employee Retired
Hi mosquiton,
I believe you are referring to Figure 373 from page 635 of the UTM reference manual here. Kindly answer my questions below:
a. Are your WAN IP addresses fixed (static) or dynamic?
b. What is the current firmware version of the 2 UTM9s?
Regards,
DaneA
NETGEAR Community Team
- mosquiton Jul 25, 2016 Aspirant
Hi DaneA,
thank you for your support, you are very kind.
Yes, exactly that figure.
The IP addresses are static and given by the ISP; the firmware is 3.6.2-4.
There are 2 broadband connections on each site with 4 public and static IPs.
If I set up only one VPN tunnel everything looks and works well; the trouble begins when I try to set up the second link.
Unfortunately there's no documentation from NETGEAR to set up that kind of scenario...
tnx
- omicron_persei8 Jul 25, 2016 Luminary
Hi,
As far as I know, setting up two IPSec VPN connections between the same two routers is not the way to go.
It's not going to work because the VPN policies will conflict with each other (the "the destination subnet foo must go through the VPN bar" rule must be unique).
To configure this properly, you need to use rollover inside the VPN policy, on both sides. And because you can only set one IP address as remote endpoint, you must use an FQDN.
The roll-over option determines which WAN interface to use as outbound, and the FQDN as remote endpoint determines which remote IP address is used for the communication.
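The policy conflict described in the answer above, as an added example that is not part of the original post or of NETGEAR's tooling: a small Python check that flags VPN policies whose local/remote subnet pairs overlap, run against a two-tunnel layout and a single rollover policy. The `VpnPolicy` fields, policy names, addresses (documentation ranges) and the FQDN are constructed for illustration and do not mirror the UTM's own configuration format.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class VpnPolicy:
    name: str
    wan: str         # outbound interface: "WAN1", "WAN2" or "rollover"
    remote_gw: str   # remote endpoint: one IP address or one FQDN
    local_net: str   # local traffic selector (CIDR)
    remote_net: str  # remote traffic selector (CIDR)


def selector_conflicts(policies):
    """Return name pairs of policies that claim the same local->remote traffic."""
    conflicts = []
    for a, b in combinations(policies, 2):
        local_clash = ipaddress.ip_network(a.local_net).overlaps(
            ipaddress.ip_network(b.local_net))
        remote_clash = ipaddress.ip_network(a.remote_net).overlaps(
            ipaddress.ip_network(b.remote_net))
        # Two policies conflict when a packet could match both selectors,
        # regardless of which WAN or remote gateway each one names.
        if local_clash and remote_clash:
            conflicts.append((a.name, b.name))
    return conflicts


# Constructed sample data (RFC 5737 documentation addresses, made-up names).
DUAL_TUNNEL = [
    VpnPolicy("to-siteB-wan1", "WAN1", "198.51.100.10", "192.168.1.0/24", "192.168.2.0/24"),
    VpnPolicy("to-siteB-wan2", "WAN2", "203.0.113.10", "192.168.1.0/24", "192.168.2.0/24"),
]
# A wider selector still collides with the /24 it contains.
PARTIAL_OVERLAP = DUAL_TUNNEL[:1] + [
    VpnPolicy("to-siteB-wide", "WAN2", "203.0.113.10", "192.168.0.0/16", "192.168.2.0/24"),
]
# One policy with rollover and an FQDN endpoint, as the answer recommends.
ROLLOVER = [
    VpnPolicy("to-siteB", "rollover", "siteb.example.net", "192.168.1.0/24", "192.168.2.0/24"),
]

if __name__ == "__main__":
    for label, pols in (("dual tunnel", DUAL_TUNNEL),
                        ("partial overlap", PARTIAL_OVERLAP),
                        ("rollover", ROLLOVER)):
        print(label, "->", selector_conflicts(pols) or "no conflicts")
```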