Balance one site-to-site to Balance 710


#21

Then potentially the return path from the DC network is broken. Your DC firewall could be blocking traffic from unknown remote subnets, or you might not have a route in there for the remote subnet with the B710 LAN IP as the gateway.


#22

I connected directly to my Balance One. I ping the LAN IP.
I always get the output below. What is the problem?

Reply from 10.17.17.254: bytes=32 time<1ms TTL=64
Reply from 10.17.17.254: bytes=32 time<1ms TTL=64
General failure.
General failure.
General failure.
Request timed out.
Reply from 10.17.17.254: bytes=32 time<1ms TTL=64
Reply from 10.17.17.254: bytes=32 time<1ms TTL=64


#23

Not enough info. Would need a network diagram with your IP addressing to begin to help. Or log a ticket with engineering (who will also need a network diagram with IP addressing).


#24

Dear Martin,
Below is the log. I connected my PC directly to the Balance One LAN interface
and pinged the local LAN interface of the Balance One.

Apr 10 14:38:03 Port: Port 1 status changed (link up, speed 100 Mbps Full Duplex)
Apr 10 14:38:00 Port: Port 1 status changed (link down)
Apr 10 14:37:23 Port: Port 1 status changed (link up, speed 100 Mbps Full Duplex)
Apr 10 14:37:20 Port: Port 1 status changed (link down)

#25

@msaeed

The logs show that this can be related to a physical link/port speed negotiation issue:

  1. Do other devices have the same issue? What OS is running on your PC?

  2. Have you tried setting the LAN port speed statically before? (100 Mbps / 1000 Mbps for the LAN port)

  3. Check the Ethernet cable.
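The reading of the log given in this reply can be automated. The following is an added example, not part of the original thread or Peplink tooling: it parses the four event-log lines posted above, pairs each link-down with the following link-up, and flags a port as flapping. The thresholds and the placeholder year are assumptions.

```python
import re
from datetime import datetime, timedelta

# The four event-log lines posted in the thread (newest first).
LOG = """\
Apr 10 14:38:03 Port: Port 1 status changed (link up, speed 100 Mbps Full Duplex)
Apr 10 14:38:00 Port: Port 1 status changed (link down)
Apr 10 14:37:23 Port: Port 1 status changed (link up, speed 100 Mbps Full Duplex)
Apr 10 14:37:20 Port: Port 1 status changed (link down)
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) Port: Port (\d+) status changed \(link (up|down)")

def parse(log, year=2000):
    """Return (time, port, state) tuples, oldest first. The log carries no
    year, so `year` is a placeholder used only to build datetime objects."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(2)), m.group(3)))
    return sorted(events)

def outages(events):
    """Pair each link-down with the next link-up on the same port."""
    down_at, result = {}, []
    for ts, port, state in events:
        if state == "down":
            down_at[port] = ts
        elif port in down_at:
            start = down_at.pop(port)
            result.append((port, start.strftime("%H:%M:%S"), (ts - start).total_seconds()))
    return result

def flapping_ports(events, min_drops=2, window=timedelta(minutes=5)):
    """Ports with at least `min_drops` link-down events inside `window`
    (both thresholds are assumed values, tune them for your site)."""
    drops = {}
    for ts, port, state in events:
        if state == "down":
            drops.setdefault(port, []).append(ts)
    return sorted(port for port, t in drops.items()
                  if any(t[i + min_drops - 1] - t[i] <= window
                         for i in range(len(t) - min_drops + 1)))

if __name__ == "__main__":
    ev = parse(LOG)
    print(outages(ev), flapping_ports(ev))
```

Two three-second drops 40 seconds apart line up with the "General failure" and "Request timed out" gaps in the earlier ping output.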


#26

Dear Martin,
Can I connect the Balance One in the branch to MPLS as WAN1, and WAN2 to the internet, so the two links can act as failover for the branch?


#27

Yes you can. On private point-to-point links (like MPLS and P2P WiFi) it's worth turning on connection mapping in the SpeedFusion profile to tell the Balance that certain WANs can only create tunnels between their directly connected counterparts:


#29

Hi PepLink Support,

I am trying to set up a VPN for our external workers to access our LAN network. I followed your guide here (Setting up L2TP With IPsec) but without success. When connecting using the Windows 10 VPN client, I got “A connection to the remote computer could not be established, so the port used for this connection was closed…”. I have a B710, firmware version 7.1.0.


#30

Please check the forum thread below:


#31

Dear,
My B710 is not behind a NAT device and I’m not able to connect to the VPN on Mac, iPhone and Android devices.


#32

Would you be able to perform a packet capture and verify whether the L2TP VPN traffic is reaching the Balance 710 WAN interface?


#33

I did not find an event log regarding the issue.


#34

I mean a packet capture, to verify the traffic is reaching the WAN interface.


#35

Dear Peplink Support,
Kindly, I need an explanation of the difference between outbound policy and outbound/inbound firewall rules, with examples.


#36

Outbound policies are routing policies for outbound traffic.
You can identify which traffic a policy is applied to by the internal source of the traffic (e.g. IP / MAC addresses), its destination (IP / Domain) or a combination of the two, and then apply specific load balancing algorithms to the traffic. Those load balancing algorithms can selectively use available healthy WANs for the identified traffic.

Firewall rules allow or deny traffic to pass between subnets. Those rules can apply to Outbound traffic (LAN to WAN), Inbound traffic (WAN to LAN) and Internal traffic (LAN/VLAN to LAN/VLAN). Traffic is identifiable by source MAC / IP or protocol.

Examples

Your VoIP traffic to your hosted provider is authenticated by your public IP (so only VoIP traffic from your fibre internet connectivity is allowed), but you have multiple WANs (Fibre, DSL and 4G).

In this case you would use outbound policies with your hosted VoIP service public IP entered as the destination IP to identify the traffic in scope, and then the enforce algorithm to send it over the fibre line and not the DSL or 4G.

You have a CCTV server / DVR hosted on your LAN with port forwarding through your Peplink device for remote access to it. You want to restrict access to that DVR to known remote users (by IP address).

You would add two inbound firewall rules: one that denies all traffic from WAN to the LAN IP of the DVR, to block general access to the DVR, then another above it that allows access to the DVR by source IP (the source being the public IP of the remote user).

You have three VLANs configured on your Peplink, one for IoT devices (home heating control, temp monitoring, smart meter), another for guest wifi and a third for your own laptops / PCs. You don’t want your home devices to be accessible by the IoT or guest networks / devices.
You have three WANs, DSL, Satellite - and cellular as backup, and only want your home devices to use the satellite link when the DSL is saturated and the cellular when both DSL and Satellite have failed. The IoT and guest wifi devices should never use the satellite or cellular WAN links.

  • Set up Internal firewall rules that deny the IoT and guest network from accessing your home network.
  • Set an outbound policy (enforced) with a source of any and a destination of DSL WAN (so the default is all devices can only use the DSL).
  • Add a new outbound policy (above the last) that identifies the source as your home network - choose the overflow algorithm (DSL first then satellite). This lets your home network devices access the DSL and satellite WANs.
  • Below that rule add another outbound policy (enforced) identifying your home network as the source with the cellular WAN as the destination. This policy only has an effect if the DSL and satellite are both unavailable.
  • Set the Cellular WAN as P2 in the dashboard (so it's only used for failover).
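Why the allow rule for the DVR has to sit above the deny rule, shown as an added example that is not part of the original post or Peplink's own code. It models top-down, first-match rule evaluation and reports rules that can never match. The addresses are constructed, and the first-match behaviour and the default-allow fallback are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network (WAN side)
    dst: str      # destination network (LAN side)
    action: str   # "allow" or "deny"

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

def evaluate(rules, src_ip, dst_ip, default="allow"):
    """First matching rule from the top wins; the default is an assumption."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action
    return default

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))):
                dead.append(later.name)
                break
    return dead

# Constructed addresses: DVR on the LAN, one known remote user, one stranger.
DVR, REMOTE_USER, STRANGER = "192.168.1.50", "203.0.113.10", "198.51.100.7"
allow_user = Rule("allow-remote-user", "203.0.113.10/32", "192.168.1.50/32", "allow")
deny_all = Rule("deny-all-to-dvr", "0.0.0.0/0", "192.168.1.50/32", "deny")

correct = [allow_user, deny_all]      # allow above deny, as in the post
misordered = [deny_all, allow_user]   # deny first: the allow is never reached

def summary(rules):
    return {"remote_user": evaluate(rules, REMOTE_USER, DVR),
            "stranger": evaluate(rules, STRANGER, DVR),
            "shadowed": shadowed(rules)}

if __name__ == "__main__":
    print("correct   ", summary(correct))
    print("misordered", summary(misordered))
```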

#37

Dears,
We are using PRTG for monitoring our network. PRTG is showing the below warning about my Balance 710:
(20 % (Free Space) is below the warning limit of 25 % in Free Space)


#38

@msaeed

You can actually ignore the warning. I believe you are using the generic disk space SNMP OIDs for servers to monitor Peplink devices. This is not applicable to Peplink routers.