Hi Everyone,
I’m looking for any input on using Peplink Balance Cores as routers on a new Metro Ethernet link between offices. We currently have a managed IPVPN between the offices with each office having a different subnet. I want to keep subnets at each office so looking to setup my own routed network on the Metro Ethernet which behaves like a switch/bridge between the offices. I currently have two Balance Cores setup as a test environment with WAN-1 of each unit connected to a switch to simulate the Metro Ethernet connection. I’m hoping maybe there’s some documentation on doing this but here’s where I’m at.
Site-A Main
Balance LAN = 10.55.55.0/24
Balance WAN IP = 192.168.168.1/28
Balance WAN GW = 192.168.168.2
(This office has a separate Internet router/gateway of 10.55.55.122)
Site-B Branch Office
Balance LAN = 10.55.58.0/24
Balance WAN IP = 192.168.168.2/28
Balance WAN GW = 192.168.168.1
Currently I can ping each ends LAN IP from the other end but haven’t been able to ping devices on the LAN itself. I’m just now looking at adding an “Any” outbound policy but don’t see that option for an inbound policy. I’m a bit confused between Outbound Policy, Inbound Access, and Firewall Access options.
Any advice/input would be a appreciated. This is my first point to point Metro Ethernet connection and had a hard time wrapping my head around the concept. I plan on adding additional branch offices after I get it figured out and maybe using the second WAN with PepVPN as a backup route. In the past I’ve used Adtran’s for this type of routing but use a 100’s of Max-BR1’s for M2M connections so thought I’d try to use the Balance routers so I could do failover and manage via InControl2.
Thanks for any input you might have.
Mike
Site-A you say has a separate internet gateway (10.55.55.122) I assume the LAN clients there all have that as their default gateway? If so you’ll need to add a static route on that device for the 10.55.58.0/24 network with the LAN of the Balance (10.55.55.x) as the next hop.
1 Like
Also - I’m not clear on your routing topology. Are you using PepVPN over the Metro ethernet link? Or are you just routing directly over it with IP Forwarding?
1 Like
Thanks for the reply Martin. I’ve read many of your website articles and forum posts over the years and have learned a lot from them.
This morning I was going through the manual and found this “Important Note” which led me to find the somewhat hidden menu option of “IP Forwarding” under the WAN-1 Routing Mode.
“Inbound access applies only to WAN connections that operate in NAT mode. For WAN connections that operate in drop-in mode or IP forwarding, inbound traffic is forwarded to the LAN by default”
As soon as I made that change in in both units everything seems to be working as expected.
As far as the Internet Gateway I had already added that static route but know that it often gets missed.
As far as routing topology it’s just simple IP forwarding over the Metro Ethernet which I’m just simulating with a switch. No PepVPN at this point but maybe in the future over WAN-2 as a backup path. I had planned on doing I diagram before posting but haven’t had a chance yet. Once I get it all figured out I hope to put something together for others looking for the same info. I’ve got a few little things I’m still trying to figure out like accessing the remote units GUI using it’s LAN IP which I haven’t been able to do. I can access it by it’s WAN IP address when turned on in Web Admin Access.
Thanks again!
So I Can’t figure out why I can’t access either far ends Pepwave GUI using it’s LAN IP.
So if I’m on the 10.55.58.x network I can’t get to the other Pepwave login page at 10.55.55.2 and vice-versa if I’m on the 10.55.55.x network I can’t get to the other Pepwave login page at 10.55.58.1
Anybody have any ideas why and if there’s a solution? Thanks
So nobody spends any time on this I wanted to post that while working on another project I realized I was going about this the wrong way. Being that the Metro Ethernet acts as one really long network cable between locations I just needed to add a Balance Core router to the far end Site-B location and assign an IP from the Site-A network to the WAN-1 on the Site-B Balance router and add the route in my default gateway. No different then creating subnets within the same local office. My mind was still working on the concept of T1’s or MPLS connectivity with a router at each end.
Thanks