NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

mosquiton's avatar
mosquiton
Aspirant
Jul 25, 2016
Solved

Dual wan Dual vpn utm9s

Hi everyone, is my first time i face a netgear firewall, anda sicerely i'm having some problem with a configuration, i have 2 utm9s and it was asked to me to configure them in dual wan dua vpn mode...
Security
utm9s
  • omicron_persei8's avatar
    omicron_persei8
    Jul 25, 2016

    Hi,

    As far as I know, setting up two IPSec VPN connections between the same two routers is not the way to go.

    It's not going to work because the VPN policies will conflict each other ("the destination subnet foo must go through the VPN bar" rule must be unique).

    To configure this properly, you need to use rollover inside the VPN policy, on both side. And because you can only set one IP address as remote endpoint, you must use an FQDN.

    The roll-over option determines which WAN interface use as outbound, and the FQDN as remote endpoint determines which remote IP address is used for the communication.

mosquiton's avatar
mosquiton
Aspirant
Jul 25, 2016

hi DaneA,

thank you for your support, you are very kind,

yes exactly that figure.

the ip addresses are static and given from the isp, the firmware is the 3.6.2-4.

there's 2 broadband connection on each site with 4 public and static ip

if i set up only one vpn tunnel everything looks and works good, troubles begin when i try to setup the second link.

 

unfortunately theres no documentation from netgear to set up that kind of scenario...

tnx

 

omicron_persei8's avatar
omicron_persei8
Luminary
Jul 25, 2016

Hi,

As far as I know, setting up two IPSec VPN connections between the same two routers is not the way to go.

It's not going to work because the VPN policies will conflict each other ("the destination subnet foo must go through the VPN bar" rule must be unique).

To configure this properly, you need to use rollover inside the VPN policy, on both side. And because you can only set one IP address as remote endpoint, you must use an FQDN.

The roll-over option determines which WAN interface use as outbound, and the FQDN as remote endpoint determines which remote IP address is used for the communication.

  • mosquiton's avatar
    mosquiton
    Aspirant
    Jul 26, 2016

    Thank you so much for your feedback, i'll give it a try!!

    • DaneA's avatar
      DaneA
      NETGEAR Employee Retired
      Jul 31, 2016

      Hi mosquiton,

       

      We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance.  If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!

       


      Regards,

       

      DaneA

      NETGEAR Community Team

      • mosquiton's avatar
        mosquiton
        Aspirant
        Aug 02, 2016

        I've appreciated a lot your help! great community, i'll put next week the solution in production, i'm still testing it in lab, i'll post soon my feedback. Thanks everyone!

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More