SpeedFusion supports Drop-in mode environment. In this network scenario, user would require to communicate the private LAN subet 192.168.1.0/24 and 192.168.2.0/24
On Site A, all outgoing traffic from private subnet 192.168.1.0/24 will be NATed by Firewall, the source IP will be changed from private LAN address to public address 210.10.10.2. Therefore, inside the Peplink VPN tunnel, 210.10.10.2 traffic will be passed in stead of 192.168.1.0/24. Same situation will be applied to Site B. So, inside the tunnel, Peplink will see the traffic between 210.10.10.2 and 60.20.20.2 but not 192.168.1.0/24 and 192.168.2.0/24
In order to route the private LAN subnet over SpeedFusion Site-to-Site VPN, the following steps are required:
- Both Firewall must be configured to bypass NAT for traffic between subnet 192.168.1.0/24 and 192.168.2.0/24.For example: The traffic from 192.168.1.0/24 to 192.168.2.0/24, Firewall at Site A just route to external public side without doing NAT, for the rest of the traffic, Firewall will NAT them, as they are Internet traffic.
- Add LAN Static Route on both Peplink units at Network > LAN > Static Route Settings.
- In Peplink Site A, LAN Static Route: 192.168.1.0/24 via 210.10.10.2
- In Peplink Site B, LAN Static Route: 192.168.2.0/24 via 60.20.20.2