Manage my Balance 30 via WAN Port - Giving me trouble


#1

Hi,

I have installed a Balance 30 and I wish to manage it remotely via the WAN 1 port. I’ve set Web Admin Access to WAN/LAN and set the port to use SSL (443). I have set the allowed WAN IP Address to WAN 1 and have checked the interface IP. I have selected Allowed Source IP Subnets and have entered my public IP address here at my office (X.X.X.200). I can not seem to access it remotely. Is this Web Admin Access also affected by Firewall Rules? I have set an allow rule for my office IP address to the WAN interface IP but still can not access it. What am I doing wrong? Thanks!


#2

The Balance does not require any firewall rules for this. Does it work when you say “Any” for the allowed source IP subnets?


#3

I’ll have to go to the remote site and change that. I guess I’ll need to get someone to man the office computer while I’m at the remote site. I did change the default firewall rule to deny traffic from WAN to LAN so I was hoping that the web admin was independent of the firewall rules.


#4

Is your WAN IP displayed on the balance a public or is it getting natted?

The Web admin is independent from the FW rules. Essentially if you have it set to HTTPS (443) WAN and then choose the applicable public ips (Allowed WAN IP addresses) that you would like to come in on to reach the unit. See screenshot for details.

Basically: Allow web admin via https and through 172.16.1.251 (WAN interface needs to be a public IP address). To access remotely https:172.16.1.251



#5

The only difference in the way that I have it set is that I selected the radio button “Allow access from the following IP subnets only” and then entered my IP address from my office. The public IP that I get when I go to a site that tells me what my IP address is (it is fixed IP from my office T1). I’ll go and change that radio button back to “Any” and see if it works then. Thanks!


#6

I went to the remote site and logged into the Balance 30 from the LAN and removed the firewall rules. Basically opening all inbound and outbound traffic. I then went to the Web Admin settings and set it to allow management from WAN1 using SSL (443) on the Interface IP. I came back to the office and was able to log in to the web admin interface with no problem. I then changed it to “Allowed Source IP Subnets” and entered my office computer public IP (x.x.x.200) and when I saved it, it changed it to x.x.x.200/32. I applied the change and it dumped me an won’t let me back in. Any ideas? Don’t want to leave it open to the world.


#7

Hi Eric,

Can you verify your office public IP?

You may go www.network-tools.com to confirm this (please ensure you are sitting in office).


#8

I am running a balance 30 here at the office also. I have a wifi network on WAN1 and a T1 network on WAN2. I have the T1 IP Range NAT to private IP range, i.e. public X.X.X.194-222 to 192.168.2.194-222. My desk always gets 192.168.2.200 via the mac address assignment. I have an outbound rule that when 192.168.2.200 connects to the 24.X.X.X range (my remote set of IPs where the Balance 30 I’m trying to manage is) it should always use WAN2 so I should always appear as X.X.X.200. I use www.dnsstuff.com and it recognizes my IP as X.X.X.200 as does the site you recommended (network-tools). I am noticing something strange though, I log into my local Balance 30 here at the office and look at active sessions and I don’t see any entries for 192.168.2.200 trying to connect to the 24.X.X.X address. Maybe it is not an active session until it completes the connection.


#9

Hi Eric,

Appreciate if you can open ticket at https://cs.peplink.com/contact/support and turn on remote assistant for us to check further. Please refer this link to enable remote assistant http://www.peplink.com/knowledgebase/how-to-enable-the-remote-assistance-service/

Thank you.


#10

Are you able to ping the WAN interface IP remotely? If so, as TK pointed out, create a support ticket and we will go ahead and get this resolved.


#11

I appreciate all of the help. The router is at a remote site and since I can not get into from my office here I’ll have to go there and enable remote assistance. Once I am able to do that, hopefully tomorrow, then I’ll go ahead and open a support ticket. Thanks again.