Hello Peplink & Community,
Have you ever had a situation where your customer wants to “cookie-cut” all their sites to be the same? That means they require every router to have an identical configuration, and all the devices on that router will have the same setup.
Many Peplink partners and MSPs will have had this; it is a common request from businesses and organisations that have to move systems around and interchange devices a lot, though they do not have the resources to keep reconfiguring the IPs.
Peplink is very close to a solution for this. We propose a new feature within Peplink routers (physical and virtual) so that, with incoming port forwarding rules, you can nominate the PepVPN/SpeedFusion tunnel to be used, much like you can do with outgoing policies.
For example, an organisation has several systems that get moved between vehicles (trucks, vans, warehouses, helicopters, boats); all equipment runs the same predetermined configuration in each device and router. As all the equipment gets used for real-time communications, faulty equipment needs to be a straight plug and go when swapped out, with no reprogramming.
Each has the same configuration using the MAX HD4 MBX as the routers; all connections are behind a CGNAT (Carrier Grade NAT).
For security reasons, the organisation only has a single approved Public IP hosted in a virtual data centre (such as CGE, AWS, or AZURE), so the solution will need to use FusionHub.
All of the MBX connections to the FusionHub will need to be NATed because they all have the same IP setup; this works well with SpeedFusion for combining the multiple WANs into a fault-resilient transport stream outbound from the MBX unit.
The challenge comes when needing to access devices on each MBX unit from the WAN side of the FusionHub.
:8111 → x.x.1.230:8100 (helicopter#1)
The above works fine when the subnets are not duplicated or NATed, though it does not work when they get duplicated on multiple devices.
What we are looking for is a way to also add into the port translation which PepVPN that inbound port forwarding rule relates to:
:8111 via PepVPN<name#1> → x.x.1.230:8100 (helicopter#1)
:8112 via PepVPN<name#2> → x.x.1.230:8100 (helicopter#2)
:8113 via PepVPN<name#3> → x.x.1.230:8100 (helicopter#3)
Looking forward to seeing the community's thoughts on this feature request.
Note that Peplink’s new InTouch technology will not work as it is not web pages getting accessed.
Happy to Help,
Marcus