2 vpn planning - fail over, Before fail over, After fail over – PLANET MH-1000 User Manual

Multi-Homing Security Gateway User’s Manual

VPN provides a flexible, cost-efficient, and reliable way for companies of all sizes to stay connected. One of

the most important steps in setting up a VPN is proper planning. The following sections demonstrate the

various ways of using MH-1000 to setup your VPN.

2.6.2 VPN Planning - Fail Over

Configuring your VPN with Fail Over allows MH-1000 to automatically default to WAN2 should WAN1 fail.

planet.dyndns.org

Before Fail Over

192.168.2.x

200.200.200.1

200.200.200.1

192.168.3.x

planet.dyndns.org

MH-1000

MH-1000

MH-1000

MH-1000

VPN Tunnel

VPN Tunnel

192.168.2.x

192.168.3.x

After Fail Over

Because the dynamic domain name planet.dyndns.org is configured for both WAN1 and WAN2, the active

WAN port will announce the domain name through the WAN IP address. The remote gateway will then be

able to connect to the VPN through the domain name.

In this Gateway to Gateway example, MH-1000 is communicating to a remote gateway using WAN1

through a secure VPN tunnel. Should WAN1 fail, outbound traffic from MH-1000 will automatically be

redirected to WAN2. This process is completely transparent to the remote gateway, as MH-1000 will

automatically update the domain name (planet.dyndns.org) with the WAN2 IP address. Configuring a

Gateway to Multiple Gateway setup with Fail Over is similar, as shown below:

- 17 -