NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
mosquiton
Jul 25, 2016Aspirant
Dual wan Dual vpn utm9s
Hi everyone, is my first time i face a netgear firewall, anda sicerely i'm having some problem with a configuration, i have 2 utm9s and it was asked to me to configure them in dual wan dua vpn mode...
- Jul 25, 2016
Hi,
As far as I know, setting up two IPSec VPN connections between the same two routers is not the way to go.
It's not going to work because the VPN policies will conflict each other ("the destination subnet foo must go through the VPN bar" rule must be unique).
To configure this properly, you need to use rollover inside the VPN policy, on both side. And because you can only set one IP address as remote endpoint, you must use an FQDN.
The roll-over option determines which WAN interface use as outbound, and the FQDN as remote endpoint determines which remote IP address is used for the communication.
mosquiton
Jul 25, 2016Aspirant
hi DaneA,
thank you for your support, you are very kind,
yes exactly that figure.
the ip addresses are static and given from the isp, the firmware is the 3.6.2-4.
there's 2 broadband connection on each site with 4 public and static ip
if i set up only one vpn tunnel everything looks and works good, troubles begin when i try to setup the second link.
unfortunately theres no documentation from netgear to set up that kind of scenario...
tnx
omicron_persei8
Jul 25, 2016Luminary
Hi,
As far as I know, setting up two IPSec VPN connections between the same two routers is not the way to go.
It's not going to work because the VPN policies will conflict each other ("the destination subnet foo must go through the VPN bar" rule must be unique).
To configure this properly, you need to use rollover inside the VPN policy, on both side. And because you can only set one IP address as remote endpoint, you must use an FQDN.
The roll-over option determines which WAN interface use as outbound, and the FQDN as remote endpoint determines which remote IP address is used for the communication.
- mosquitonJul 26, 2016Aspirant
Thank you so much for your feedback, i'll give it a try!!
- DaneAJul 31, 2016NETGEAR Employee Retired
Hi mosquiton,
We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance. If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,DaneA
NETGEAR Community Team
- mosquitonAug 02, 2016Aspirant
I've appreciated a lot your help! great community, i'll put next week the solution in production, i'm still testing it in lab, i'll post soon my feedback. Thanks everyone!
Related Content
NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!