inControl2 connectivity on Verizon private cellular network?

Does anyone know if the Max-BR1 units can communicate with inControl2 if moved to Verizon’s private IP network? The Verizon private network would terminate to our network via IPsec where we would have to provide Internet access/routing. In speaking with Verizon they said it didn’t work with inControl but didn’t know about inControl2. I would think it would work if the Max-BR1 is initiating a tunnel much like pepvpn into inControl2 and inControl2 talks back over the tunnel.

Thanks,

Mike

In doing a little research I got this as a requirement for terminating the Verizon private ipsec tunnel. I found out this about “Transport Mode” which may be the cause of management portals not working.

  • NAT traversal is not supported with the transport mode.

These are the requirements for a device to terminate the Verizon private network. Do any of the Pepwave units meet these requirements?

The device used to terminate a Verizon Wireless Private Network VPN must meet the following criteria:
· Terminate IPSec tunnel in Transport mode.
· Terminate GRE tunnel.
· Run BGP.
· May not be a Juniper device unless it’s older Juniper CPE (SSG series) running ScreenOS (JunOS devices only support Tunnel mode and will not work on Private Network).
· May not be a Cisco or Juniper firewall/ASA.
· Any device other than a Cisco router may work, but it will be up to the customer to ensure it meets the IPSec, BGP and GRE requirements.

*Note that Verizon Wireless will not be able to offer any configuration support or guidance on any device other than Cisco routers.

The BR1 is already certified for use on the VZW Private Network. It should also work with IC2 as long as it is able to make an outbound connection using port 80/443 to the IC2 server.

For the IPsec question, Peplink / Pepwave devices which support IPsec work in Tunnel Mode, which is a network-to-network VPN, while IPsec in Transport Mode is actually a host-to-host thing, which is not supported.

In Verizon Wireless Private Network, actually they are routing back to the customer’s own network as shown in the following image:


So as Tim said, as long as the customer’s network allows outbound connections to IC2, it should work well, and this kind of configuration is not related to the IPsec tunnel.

Tim S. wrote: “The BR1 is already certified for use on the VZW Private Network. It should also work with IC2 as long as it is able to make an outbound connection using port 80/443 to the IC2 server.”

As far as 80/443 requirements I had opened a ticket for a unit I couldn’t get to connect to inControl2 and got this back from support.

“Please make sure that they are not blocking ac1.peplink.com and ac2.peplink.com on UDP 5246”

So support is saying UDP 5246 must be open versus 80/443.

This is correct, please make sure that port is open. Thanks -Tim
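
An added example, not part of the original thread and not Peplink or Verizon tooling: a first-match check of an egress rule set on the customer's Internet breakout against the InControl2 flows named above (TCP 80/443 and UDP 5246 to ac1.peplink.com and ac2.peplink.com). Treating all three ports as required is an assumption, and the rule format, sample policies and IP addresses are constructed placeholders.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "permit" or "deny"
    proto: str    # "tcp", "udp" or "any"
    dst: str      # destination CIDR
    ports: range  # destination port range

# Ports mentioned in the thread; requiring all three is an assumption.
REQUIRED = [("tcp", 80), ("tcp", 443), ("udp", 5246)]

# Constructed placeholder addresses (RFC 5737 documentation range).
# Resolve the two hostnames yourself and substitute the real results.
IC2_HOSTS = {"ac1.peplink.com": "203.0.113.10",
             "ac2.peplink.com": "203.0.113.20"}

def decide(rules, proto, dst_ip, port):
    """First-match evaluation with an implicit deny at the end."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.proto in ("any", proto)
                and ip in ipaddress.ip_network(r.dst)
                and port in r.ports):
            return r.action
    return "deny"

def blocked_flows(rules, hosts=IC2_HOSTS):
    """Return (host, proto, port) tuples the egress policy would drop."""
    return [(h, p, port) for h, ip in sorted(hosts.items())
            for p, port in REQUIRED if decide(rules, p, ip, port) != "permit"]

# Constructed policy: web-only egress, which leaves UDP 5246 blocked.
WEB_ONLY = [
    Rule("permit", "tcp", "0.0.0.0/0", range(80, 81)),
    Rule("permit", "tcp", "0.0.0.0/0", range(443, 444)),
]
# Same policy with UDP 5246 opened to the two placeholder hosts only.
FIXED = WEB_ONLY + [
    Rule("permit", "udp", "203.0.113.10/32", range(5246, 5247)),
    Rule("permit", "udp", "203.0.113.20/32", range(5246, 5247)),
]

if __name__ == "__main__":
    for name, policy in (("web-only", WEB_ONLY), ("fixed", FIXED)):
        print(name, blocked_flows(policy) or "all InControl2 flows permitted")
```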