Adding More VPN Tunnels - NETGEAR FVS124G Configuration Manual

Adding more VPN Tunnels

The tunnel you have set up in the first part of this document can be used by multiple users if you use Mode Config (with a
sufficiently large IP address pool), or if you manually set an individual Local Address for each user, as described in "The
Role of the Local Address in VPN Tracker". This is the recommended setup.
However, there may be situations where it is necessary to create additional VPN tunnels, instead of reusing one tunnel.
For example, if you need to issue users individual pre-shared keys, you can add multiple VPN tunnels with different
pre-shared keys. Or you may require a static gateway-to-gateway tunnel, in addition to a tunnel used by VPN clients.
Tip
If your needs expand to more than a handful of users, you may want to consider upgrading to a VPN gateway
that supports Extended Authentication (XAUTH) in order to avoid having to set up an individual VPN tunnel on
the device for each user, just to be able to issue them individual passwords.
When more than one tunnel is configured and enabled on the device, you will have to ensure that there are no conflicts:
‣ For the IKE policies, make sure that the identifiers for each tunnel are different.
‣ If you have more than one tunnel used by clients connecting from dynamic IP addresses, make sure that the "Remote
IP" is "Any" for only one of the policies (or simply use Mode Config). If you are using an "Any" policy, it must be last in
the list. For the other tunnels, set a fixed remote IP that is the same as the "Local Address" in VPN Tracker. In the
following example, the address "10.22.13.1" is used both on the device and in VPN Tracker:
Note
A VPN policy that is set up to accept only a single "Remote IP" can only be used by a single user at a time.
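
The conflict rules above can be checked mechanically before a new tunnel is enabled. The following Python code is an added example, not part of the NETGEAR or VPN Tracker documentation; the field names (`name`, `identifier`, `remote_ip`) and the sample policies are constructed for illustration and do not correspond to an export format of the device.

```python
import ipaddress

def check_tunnel_policies(policies):
    """Return conflict messages for an ordered list of tunnel policies.

    Field names are hypothetical; list order is the order shown on the device.
    """
    problems = []
    seen_ids = {}        # identifier -> name of the first policy using it
    any_positions = []   # indexes of policies whose Remote IP is "Any"
    for index, policy in enumerate(policies):
        name = policy["name"]
        ident = policy["identifier"].strip()
        # Rule 1: identifiers must differ between tunnels.
        if ident in seen_ids:
            problems.append(f"{name}: identifier duplicates {seen_ids[ident]}")
        else:
            seen_ids[ident] = name
        remote = policy["remote_ip"].strip()
        if remote.lower() == "any":
            any_positions.append(index)
            continue
        # Every other tunnel needs a fixed remote IP (the client's Local Address).
        try:
            ipaddress.ip_address(remote)
        except ValueError:
            problems.append(f"{name}: remote IP {remote!r} is not a valid address")
    # Rule 2: "Any" may be used by only one policy ...
    if len(any_positions) > 1:
        names = ", ".join(policies[i]["name"] for i in any_positions)
        problems.append(f"more than one policy uses Remote IP 'Any': {names}")
    # ... and that policy must be last in the list.
    if any_positions and any_positions[0] != len(policies) - 1:
        first = policies[any_positions[0]]["name"]
        problems.append(f"{first}: 'Any' policy must be last in the list")
    return problems

# Constructed sample data (not taken from a real device).
GOOD = [
    {"name": "alice", "identifier": "alice.vpn.example", "remote_ip": "10.22.13.1"},
    {"name": "bob", "identifier": "bob.vpn.example", "remote_ip": "10.22.13.2"},
    {"name": "roaming", "identifier": "roaming.vpn.example", "remote_ip": "Any"},
]
BAD = [
    {"name": "roaming", "identifier": "roaming.vpn.example", "remote_ip": "Any"},
    {"name": "alice", "identifier": "alice.vpn.example", "remote_ip": "10.22.13.1"},
    {"name": "bob", "identifier": "alice.vpn.example", "remote_ip": "Any"},
]

if __name__ == "__main__":
    for label, policies in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_tunnel_policies(policies) or "no conflicts")
```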