When you say that both networks are accessible from external networks behind the ISP:
Are these connected via VPN?
Are there any SpeedFusion VPNs?
Are these on a private line such as MPLS?
Are there any static routes in the Balances?
Are there routes in the ISP routers for those networks?
Behind the Balances in Drop-In Mode, I’m assuming there is a firewall in place? Just trying to get some ideas going.
When I mentioned accessible from external networks, I meant that both production & office networks can be reached from the Internet via the ISP routers.
Sorry for the confusion.
The IP addresses 10.1.1.0/28 & 10.2.2.0/28 are for illustration purposes. In the real-life deployment, all devices are using public IPs.
The setup is very simple.
There’s no VPN, no SpeedFusion VPN, no MPLS.
There are no static routes in the balancers.
Routers only contain a default route to the Internet.
Yes, there is 1 firewall behind each balancer.
One thing I am wondering is why the same WAN IPs are reused across both Peplink units (10.1.1.3 and 10.2.2.3). This would not work, or is it a mistake in the diagram?
The most reliable solution here is to add routes on each ISP router for the other network. That way, no matter which WAN (4 or 5) packets exit, the other network can be reached.
If that is not possible, then you could set an outbound policy for the remote network on each side. For example, on the Production Peplink, set an outbound policy matching 10.2.2.0/28 and forcing it out WAN4.
I’ve tried your suggestion: setting an outbound policy matching the destination subnet, enforced out WAN 4. It doesn’t work.
Question: Is there any way I can tell the balancer what IP address(es) are on the outside of the WAN rather than behind the LAN?
I’m looking at the Drop-In mode WAN port > Additional Public IP Settings (does my solution lie here or not?)
Just to bring this thread to a close.
The problem was resolved after upgrading my LB580 firmware to version 6.1.0 build 2863, as recommended by the support team.