LB-20 to LB-380 IPsec Redundancy


#1

Hi All, Need Help on working on a solution. We have a Head Office and multiple branches with Point-Of-Sale systems. At HO we have two ISP connections each with Pool of Static Public IP addresses. At each branch we have a single wired ISP connection (Dynamic IP address) and a 3G connection. We are planning to find a solution (within budget) to establish a redundant VPN connection between the POS and the HO. We are seeing LB-380 at HO and LB-20 at each branch (to reduce the cost). Since LB-20 does not support SpeedFusion, we are left with IPsec as the VPN option. Please advise how to configure the IPsec on the LB-380 and LB-20 so that at any time the wired ISP connection at the branch fails, the traffic will start to flow over IPsec VPN over the 3G connection. Also, in case ISP#1 connection fails at HO, IPsec traffic will use ISP#2 connection.
How best to achieve that?
Many thanks


#2

The answer to this is SpeedFusion self-healing VPN technology. The VPN tunnel will stay UP regardless of individual connection status at any location.

The customer needs to understand that this is a premium feature and it demands a higher price tag. This is similar to wanting the power and luxury of a Mercedes Benz, but only with a budget for a Honda :slight_smile:


#3

Does that mean there is no way to do it with IPSec? Where is the limitation exactly to implement it with IPSec?


#4

Some more questions:
Q1: Can we prioritize traffic to flow over one IPSec Tunnel connection, but when that tunnel is disconnected, traffic flows over a second WAN/IPSec connection? Can we involve the IPSec connections in the Outbound Rules?
Q2: Does the Peplink Balance support WiMax USB dongles working in WiMax Mode?


#5

If the IPsec connects through WAN1, if WAN1 goes down. IPsec can be connected over WAN2. In addition, IPsec traffic is not controlled but Outbound Policy, in other terms, IPsec traffic will have higher priority than Outbound Policy.

Regarding the USB dongles, Peplink supports WiMAX USB dongles, for further details, you can refer here


#6

Thank you for the clarification. Is it planned in future firmware to route traffic IPSec in Outbound Policy?