InControl2 data traffic and offline PepVPN peers


I have a setup as described in the photo below, and I run my own instance of the InControl2 appliance. I have two questions:

  1. As seen in this post, UDP 5246 is used for “InControl Data flow”.
    Can anyone explain in a little more detail what this traffic is?

  2. When the HD4 router goes offline, it looks like IC2 keeps trying to send traffic to the HD4’s Untagged LAN IP. The traffic is however directed towards the external router. I guess this happens because the HD4’s LAN IP prefix disappears from OSPF and there is a static default route on the Balance router.
    Is there any way to stop the traffic from IC2 going out to the external router when the HD4 goes offline?

InControl2 uses CAPWAP for command and control of settings and data to and from the remote devices.

Only thing I can think of just at the moment is an outbound policy on the B2500 with the B2500 LAN IP ranges set as destination, type enforced and then connection set to an unused WAN.

The policy will only be used when there is no learned OSPF route and should do what you want.

Thank you for the quick response, Martin! I will post an update once I have tested your solution.

Your solution has worked somewhat. We are now only seeing one packet at the external router each time the HD4 goes offline.
Is there anything else we can do in order to stop this completely?