Inbound Traffic


Two ISP with 2 subnets (with diffrent bandwidth ) Prefered is ISP 1

I am already having outbound policy ,this is working fine

Now I have a webserver which is natted to an IP which is belongs to ISP 1 on ASA firewall
So I am not NATing on peplink

The problem is , I don’t have an inbound policy

The requirement is ISP 1 fails the inbound traffic should come through the ISP 2 . Please note that I am not looking for loadbalancing inbound traffic

please help ,How can I acheive this

I can do one to one NAT .One problem is I have prefernce for ISP , The prfernce is ISP 1 .

If I nat on pepling to an IP which is belongs to ISP 2 , the traffic will always go through the second ISP

And How can I solve the DNS resolution

The DNS is hosted at ISP 1 ,

Please help

Just to make sure my understanding of your set-up is correct:

  • Two routable ISP feeds, with two different “breakout” addresses, say A and B
  • One (Balance?) multi-WAN Peplink router, with A and B being two (of the) WANs. Call it “Router”
  • Outbound rules work - you can direct outgoing traffic to A or B as you see fit. The recipient of traffic through A or B will see the routable A (or B) breakout address as the source.
  • You want the breakout address to be the one used by devices contacting Router
  • A is preferred for incoming access whenever available, B only when A is not
  • You have a DNS name for traffic destined for the above Router, say “”.

You want the traffic addressed to to be sent to A, unless A is down, in which case it should go to B.

Suggested solution
First of all - this is a DNS challenge (as you point out). You want a DNS resolution for to resolve to A or B as appropriate.

One way to achieve this is for Router to update a dynamic DNS server with its preferred IP address as A whenever A is available, and B if A is not.

Peplink’s Find My Peplink Service will handle it:

  1. Enroll Router in InControl2
  2. On the Device Detail page, activate “Find My Peplink Service”
  3. Provide a name in “Find My Peplink Address” (e.g. “MyRouter”)
  4. That creates a FQDN, “”. It will resolve to the IP address Router employs to contact IC2.
  5. Create an outbound policy on Router that prioritizes WAN1 for connections to IC2. Create a new priority rule, the source being “any”, the destination being “”, the protocol being UDP and the port 5246. WAN1 as priority 1, WAN2 as priority 2. (If you don’t want the domain check, simply omit that component and require all traffic to UDP port 5246 to go to WAN1 if available, which is what you want anyway)
  6. Create a CNAME record at your DNS server, “ CNAME”

That should do it - all access to will resolve to A (if up), and to B (if A is down).




What does it mean by the above


And one more question

If i can add dns for from the PREFIX A and the from the Prefix B
like below in my domain registrars DNS server (external ) ( from ISP A) ( from ISP B)
What need to be done from the peplink side


It means that I expect you want the traffic addressed to to be sent to A, unless A is down, in which case it should go to B.

In other words, that should resolve to the public IP address A or B, depending on which one is up.


What you describe seems to be a different approach than the one I suggested. I must admit that I do not understand the particulars of what you propose, so I cannot answer your question.


Hi ,

Is it possible do active -active scenario

second thing

is a subscription based service ?


Please explain specifically what that means.

InControl2 (“IC2”) is a network management service for your Peplink devices (see The 1st year is covered by your purchase warranty, subsequent years may be covered in various ways (e.g., as part of one of the Care packages, or by a direct subscription). The cost depends on the kind of device you are enrolling. I believe it starts at US$29/year.



Hi ,
I have attached my topology for better understanding .
and this is my current setup .

The requirement is if ISP-A is down , users should reach the web server behind the firewall through ISP-B

This sounds like a DNS issue - you want the users/clients (on the internet side of things) to gain access to your web server by means of ISP A (preferred) or ISP B (if A is down) without having to do anything on the client side of things (in other words, invisibly).



Hi @zegor_mjol
Thanks for your reply . I got confused when you said the below

What you are saying by

I assume you are saying about the peplink’s fqdn or is it applcable in my situation

By the way , i subscribed incontrol2 ,but I could not find the below

Thanks” is used in the posting as representative for whatever FQDN you use for your router as seen from the internet side of things.


When you enable “edit” on your device in IC2: