Inbound balancing, VPN, and NAT


#1

Hi I am new to Peplink and would just like to confirm a few things I am unclear on. I would like to connect two remote offices to the HQ. We are small so only a few users in each site. The remote sites have DSL lines with single static IP addresses. The HQ has a 10Mb line provided by wireless which is proving unreliable. We have a DSL backup also with a single static IP address. The only inbound services are on the 10Mb line but there are site-to-site VPNs from each remote site. I’d like to achieve a situation where inbound services and the VPN connections from the remote sites would automatically fail over between the two lines at the HQ. So my questions are:

  1. I understand the Peplinks can be on a NAT’d address and the VPN links still work but would this cause any issues for the DNS services for inbound balancing? Would that need public IP addresses for the WAN interfaces?
  2. I know I need a 210 for the HQ (for inbound balancing) but what is the minimum for the remote sites? My understanding is the 20 only does IPSEC VPN and presume this wouldn’t failover as only one tunnel would be possible. If I’m right Speedfusion is needed for failover in which case all three sites would need a 210. Is that correct?
  3. The remote sites only have one line and if anything would only have a USB modem as a backup which would be a dynamic IP address and not ‘always on.’ So, is only one line OK for the remote sites and Speedfusion with a tunnel to each of the WAN links at the HQ?
  4. The DSL lines are configured as negotiated but always receive the same IP so are effectively static IP addresses. Could the Peplinks be configured like this or would VPN/balancing be prevented where DHCP was selected for a WAN interface?

Thanks in advance for your help.

Tom


#2

Any thoughts on any of this? Any help gratefully accepted.

Thanks,

Tom


#3

Hi Tom.

Herewith a few comments.

  1. You are correct that the VPN will connect, but you need static WAN IP addresses if you want to configure inbound load balancing. Speedfusion does this automatically if you are only concerned for site-to-site traffic.
  2. Yes, Speedfusion will be your best option, and this is supported from the Balance 210 upwards.
  3. Speedfusion will automatically build a tunnel from the one link to both links at HQ. Please keep in mind the latency differences that will slow down your VPN traffic. You can however configure priority groups for your WAN connections (on HQ Peplink) so that your VPN will connect with your DSL and failover to wireless if needed.
  4. You can use DHCP for your WAN connections.

#4

Hi CG
Thanks very much for your reply and for the clarification.
Thinking about it logically I’d realised both HQ links would need Public IP addresses to be returned by the onboard DNS server to requests. I’ve ordered a transparent USB modem for the DSL link so I can put the public IP on the Peplink interface and not a feed router. The wireless link has a pool of addresses so I’m fine there.
Thanks for the clarification on SpeedFusion and setting WAN links to DHCP (that did concern me).
In terms of the links, the wireless WAN is actually the better link by far at 10Mb; it is just that we do lose it from time to time, which is very frustrating. The DSL is a lower bandwidth link but would enable us to keep running when the wireless WAN is out of commission (we are addressing that). The remote sites use thin client mostly and have only a few users so thankfully we can live with the DSL short term.
Thanks very much again for your help; it is greatly appreciated.
Cheers,
Tom
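
The point settled in this thread, that DNS-based inbound failover only works when each WAN interface holds an address outside clients can reach, shown as an added example that is not from the thread or from Peplink. It is a simplified model of an authoritative DNS responder choosing A records; the link names, documentation-range addresses, priority scheme and function names are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Ranges that inbound internet clients cannot reach: RFC 1918 private space
# and the RFC 6598 carrier-grade NAT range.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

@dataclass
class WanLink:
    name: str
    address: str    # address configured on the WAN interface itself
    priority: int   # assumed scheme: lower number = preferred link
    healthy: bool   # outcome of the link health check

def is_publicly_reachable(address: str) -> bool:
    ip = ipaddress.ip_address(address)
    return not any(ip in net for net in NON_ROUTABLE)

def answer_a_records(links):
    """Return (answers, skipped): A records for the best usable priority
    group, plus a dict of links left out and the reason for each."""
    usable, skipped = [], {}
    for link in links:
        if not link.healthy:
            skipped[link.name] = "link down"
        elif not is_publicly_reachable(link.address):
            skipped[link.name] = "NAT'd address, unreachable for inbound clients"
        else:
            usable.append(link)
    if not usable:
        return [], skipped
    best = min(link.priority for link in usable)
    return [l.address for l in usable if l.priority == best], skipped

# Constructed sample data (documentation address ranges, not real hosts).
BOTH_UP = [WanLink("wireless", "203.0.113.10", 1, True),
           WanLink("dsl", "198.51.100.7", 2, True)]
WIRELESS_DOWN = [WanLink("wireless", "203.0.113.10", 1, False),
                 WanLink("dsl", "198.51.100.7", 2, True)]
# DSL behind a NAT feed router: the interface only holds a private address.
WIRELESS_DOWN_DSL_NATTED = [WanLink("wireless", "203.0.113.10", 1, False),
                            WanLink("dsl", "192.168.1.2", 2, True)]

if __name__ == "__main__":
    for label, links in [("both up", BOTH_UP), ("wireless down", WIRELESS_DOWN),
                         ("wireless down, DSL NAT'd", WIRELESS_DOWN_DSL_NATTED)]:
        print(label, answer_a_records(links))
```

In the third case the responder has nothing usable to hand out, which is the failure the transparent modem on the DSL line avoids.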