1 @ Balance 305 in HQ + 3 @ Balance 30 in remote branches


#1

OK - Here goes my dilemma;

We have our Toronto HQ and 3 remote branches in Edmonton / Vancouver / Calgary…
Toronto office has a Peplink Balance 305
All three branch offices have Peplink Balance 30

We had everything set up via IPsec VPN w/Preshared Key, etc. and it was working fine with TWO branches + Toronto HQ.
When we recently added the latest office (Calgary), it doesn’t appear to establish connection to this new office.

Is there a limitation with the Balance series that only allow TWO concurrent branch VPN connections?
I have all the details, and can provide more if this isn’t the simple answer…
Please help!!


#2

The Balance 305 supports up to 20 IPsec VPNs. Are there any differences with the new office internet connection, etc?


#3

No - this new addition was configured the EXACT same way as the other two branches…

10.0.0.0/24 <-> 10.0.1.0/24 [TORONTO to EDMONTON] *Works fine
10.0.0.0/24 <-> 13.0.0.0/8 [TORONTO to VANCOUVER] *Works fine
10.0.0.0/24 <-> 14.0.0.0/24 [TORONTO to CALGARY] *Won’t connect

All units utilizing the same Preshared Key config:
*Main Mode
*Phase 1 (IKE) Proposal: AES-256 & SHA1
*Phase 1 DH Group: Group 2: MODP 1024
*Phase 2 (ESP) Proposal: AES-256 & SHA1
*Phase 2 PFS Group: None

***The only additional NOTE to clarify is that the HQ (Toronto) Office is the Balance 305. The 3 remote branches are all Balance 30.


#4

Any thoughts?
I’m in quite a fix here and client is demanding resolution ASAP.
I really appreciate any assistance that you can offer.


#5

Is there any reason why you are using IPSec instead of PepVPN?

Does the Calgary location have a static WAN IP?


#6

Yes - All 4 locations including HQ have static IP addresses.
I’ve always been in the habit of using IPsec as it was a standard that I was familiar with.
Is there any complication into setting up PepVPN in my particular configuration of 4 branches?

…On a related note: Would it be possible to have any kind of telephone / remote assistance from Peplink in this initial PepVPN setup?
(If so - what would be the associated cost, if any)

Thanks in advance for your prompt reply!!


#7

Can you temporarily disconnect Edmonton or Vancouver and see if Calgary will come up?


#8

Thanks for your input on this situation…

This issue is now RESOLVED - And the final outcome was as follows:
I temporarily disabled the EDMONTON VPN service, and nothing seemed to improve.
While EDMONTON was still disabled, I power cycled the CALGARY PepLink Balance 30, and when it came back online, it authenticated and connected successfully.
I re-established the EDMONTON VPN, and it also established connection successfully to our Toronto HQ.
…Everything is now working properly - so presumably just summed-up as some kind of ‘hiccup’.


#9

Thanks for the update, glad it’s up and running :up: