Cisco ASA firewall in-front or behind Peplink?

Hello to all Peplink community, I am in the process of re-building our network, currently one MPLS in 5 sites all with T1. We recently have a new fiber provider in the area which I am planning to bond with a cable line to eliminate the MPLS.

I obtained 3 Balance 310 and 2 Balance 380 and a Cisco ASA-5516; I would like all traffic to be sent via the main site and if that fails to go over the backup data site. But I would also like to use the ASA 5516 with Firepower to inspect all traffic coming from external sites via SpeedFusion VPN.

Where should I place the ASA? In front of the Balance 380 at the main site? Or behind the Balance 380 on the main site? If it is behind, how can I route all incoming traffic from the Balance 380 to go through the ASA 5516 and then go out to the internet?

An interesting question.

I would normally reach for drop in mode when there is a CISCO router at a customer site, but your requirement for all outbound traffic to go via the CISCO excludes that (since the CISCO would only be on one WAN path not all of them in that configuration).

You really want the CISCO to be LAN side of the balance so at your head office (and I assume replicated at your DR site) a setup like this:
[Main Site LAN] → CISCO → Balance → [WAN 1+2 etc] → [Internet]

But what about the internet-bound PepVPN traffic? I think I would do a non-standard config and route all internet traffic from remote PepVPN peers out of a dedicated WAN port on the Balance at the main/DR sites that then passes via a dedicated VLAN on the CISCO and back out through the CISCO.


@MartinLangmaid, Thank you very much for your answer, I am a newbie in the Peplink world. Based on your diagram, I should create all VLANs on the Balance 380, create outbound rules on the Balance 380 to send incoming traffic from sites A, B, C out via the internal VLAN assigned to the Cisco ASA.
Ex. (Main site 10.10.10.0, Cisco ASA=10.10.9.0) Site A= 192.168.2.0

Source → IP Network 192.168.2.0 → Destination 10.10.9.0 → Protocol Any → Algorithm Enforced via WAN 3. In this case the Peplink Router will process traffic from external sites twice.
I am still a bit confused. Am I on the right track?

Any sample config on how to achieve this?
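As an added illustration (not Martin's config, and not taken from Peplink or Cisco documentation), this is roughly how the ASA side of the topology above could be written on the 5516, using the addressing from the thread plus the assumed values noted in the comments. It assumes the ASA FirePOWER (sfr) module is installed and that the Balance's dedicated WAN 3 port is cabled into an ASA port carrying VLAN 30.

```cisco
! Assumed layout (illustration only):
!   Gi1/1    = main-site LAN (10.10.10.0/24, from the thread)
!   Gi1/2    = transit link to the Balance 380 LAN port (10.10.9.0/24, from the thread)
!   Gi1/3.30 = VLAN 30 that the Balance's dedicated WAN 3 port plugs into (assumed)
! Assumed addresses: Balance LAN IP 10.10.9.1, Balance WAN 3 IP 10.10.30.2
! Remote site A is 192.168.2.0/24 (from the thread); add sites B and C the same way.

interface GigabitEthernet1/1
 nameif inside
 security-level 100
 ip address 10.10.10.1 255.255.255.0
!
interface GigabitEthernet1/2
 nameif outside
 security-level 0
 ip address 10.10.9.2 255.255.255.0
!
interface GigabitEthernet1/3
 no shutdown
!
interface GigabitEthernet1/3.30
 vlan 30
 nameif pepvpn
 security-level 50
 ip address 10.10.30.1 255.255.255.0
!
! Everything leaves through the Balance, which then picks WAN 1/2 by its own outbound policy.
route outside 0.0.0.0 0.0.0.0 10.10.9.1
! Only needed if WAN 3 on the Balance forwards without NAT; with NAT the ASA
! sees 10.10.30.2 as the source of all remote-site traffic instead.
route pepvpn 192.168.2.0 255.255.255.0 10.10.30.2
!
object-group network remote_sites
 network-object 192.168.2.0 255.255.255.0
 network-object host 10.10.30.2
!
! Inbound ACL on the VLAN facing the Balance WAN 3 port: only known remote-site
! sources are accepted; return traffic is handled by the ASA's stateful inspection.
access-list pepvpn_in extended permit ip object-group remote_sites any
access-group pepvpn_in in interface pepvpn
!
! Hand every flow to the FirePOWER module; fail-close drops traffic if the module is down.
class-map sfr_all
 match any
policy-map global_policy
 class sfr_all
  sfr fail-close
service-policy global_policy global
```

The Balance side (the outbound rule "Enforced via WAN 3" for the remote-site sources, and NAT or IP forwarding on WAN 3) still has to be set in the Balance web admin, since the ASA only ever sees what the Balance hands it on VLAN 30.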