Outbound Rules over SpeedFusion

Greetings!

We have two (2) PepLink Balance 380 devices, running firmware 6.2.0 build 3244, that we set up for SpeedFusion VPN. Let’s assume that device A is our main office’s device and device B is the remote office’s, with 2 WAN connections in each office.

VPN is working fine. Our only problem is that we would like the remote office to utilize the WAN connections it has for certain policies that we wish to implement. Currently, all traffic is being sent to the PepVPN for our main office’s firewall to handle it. And we plan to have our remote office utilize its WAN connections for outbound policies: just like visiting a website that is initially blocked from our main office.

I already tried enabling Expert mode in device B and set up sample policies for us to test (see screencapture image). But it did not do the trick. Anyone here who can help us?


**Well, as an additional note: we set the gateway of the workstations in the remote office to be directed to the Firewall in the main office.

Hi,

Looks like you are establishing L2 SpeedFusion between the B380s, since you mentioned you set the gateway of the workstations in the remote office to be directed to the Firewall in the main office. If my assumption is correct, L3 SpeedFusion is more suitable for this setup and Expert Mode in the remote office will work as expected.

Hi TK,

I apologize for not having responded to this thread for a long time. We just let our current connection be still for a moment since we have attended to another major issue not related to our network, which we already resolved. Now, it is imminent that we need to implement the above situation that we wish. And yes, you are correct, we enabled L2 pepVPN bridging in our current speedfusion vpn setup.

We are now in the process of setting up a schedule to have this tested. I wish to gather as much information as I can before we test this out.

So, just to clarify about your response, I just need to disable the L2 pepVPN bridging option to make it an L3 SpeedFusion, right? And by L3 SpeedFusion VPN, it is like IPSec VPN, right? After that, what will be the gateway that we need to set to our remote office’s workstations? Is it the peplink balance 380 lan ip of the remote office?

Basically, all our internal servers are connected in the main office. And we set them to have class c static ips, which the remote office workstations use to connect to the servers with their respective applications. For example, we have an accounting application that our remote office uses and the server is housed in the main office. When they open the application, they need to type in the ip address of the server before they can login. For now in the current setup, we don’t have any problems with this since the gateway of our remote office workstations is set to the main office firewall. And the firewall is handling the routing going to our internal server here in the main office.

So, there are two things that we need to work and be sure of:

1.) Remote office workstations will be able to use their applications and have it connect to our main office’s internal servers.
2.) Remote office workstations’ internet connectivity will be handled by the remote office peplink balance 380. Be it that certain websites go out directly using the remote office WAN connections that we wish to set in the outbound policy. And that most of the websites should still pass through to the vpn so that our firewall will handle the traffic.

I believe that the 2nd requirement can be set in the outbound policy of the remote office peplink balance 380 with expert mode enabled. I attached pepVPNnow.jpg portraying the rough network diagram of our current setup. And pepVPNplan.jpg portraying the ideal network diagram that we are planning to implement to utilize the remote office’s WAN connections for internet connectivity.

Hi

I just need to disable the L2 pepVPN bridging option to make it an L3 SpeedFusion, right?
Yes.

And by L3 SpeedFusion VPN, it is like IPSec VPN, right?
Yes.

After that, what will be the gateway that we need to set to our remote office’s workstations? Is it the peplink balance 380 lan ip of the remote office?
Yes.

  1. This can be achieved after L3 SpeedFusion is established. Please ensure you configure a static route on the Balance 380 (Network > LAN > Static Route Settings) for the internal servers.

  2. This can be achieved with L3 SpeedFusion + Expert Mode.

Hope this helps.