PepVPN - Three BalanceOne Routers


#1

Hi -

I will be configuring three routers across as many states (No bonding as yet). I am supplanting SonicWALL routers. I have 10.10.10.xx (Site1), 10.10.20.xx (Site2), and 10.10.30.xx (Site3) LANs to tie together over the internet and the VPN.

I have set up the PepVPN so that Site1 connects to Site2 and Site3. Also, I have configured Site2 to connect to Site3.

Do I need to create a VPN connection at each point for the other two? I believe I will need static routes to achieve the connectivity I’m looking for (I have Exchange 2010 / Server 2008 w/AD in each location).

I would like to have some reasonable certainty that the new routers will work as I plan before I’m thousands of miles away from each in a production environment.

Can someone please tell me what configuration I need to accomplish my goal?


#2

Hi Kevin,

We recommend full mesh between main sites, hub and spoke between main sites and remote branches. Please refer here for more details.

You may find full mesh, hub and spoke configuration in our knowledgebase as well.


#3

Full mesh is what I’m looking for, thanks.

Do I need to add static routes in each router to properly connect the subnets, or will the PepVPN learn these automatically? The static routes I’m thinking of would just route all LAN traffic to the WAN port on each router…


#4

Routing is automatic with SpeedFusion so no static routes are required for the primary LAN networks.


#5

Just to be absolutely certain…

I will just add a VPN connection in each router for the other two. No static routes will be added. I will have full connectivity between all three subnets from each site.

Sounds too easy, but every time I go to do something new with a Peplink product, they appear to have anticipated my need.

Also, I’m using PepVPN. Isn’t SpeedFusion employed when I have more than one WAN connection (I have only one in each location and haven’t purchased the SpeedFusion add-on)?


#6

Yes, it is that easy so enjoy your Peplinks! SpeedFusion can be added to your Balance One if you get additional WAN links in the future. You can have an unbreakable VPN for session persistence and bond these WAN connections together for additional bandwidth. It is best to use similar WAN links for bonding performance.


#7

Perfect! I will be so glad to be rid of the SonicWALLs for this client.

Thanks so much for your help!


#8

Crap! I just found out that my client has a satellite office in one of its locations. When I go to add the third PepVPN it tells me I have a limit of 2 connections. Do I just purchase a SpeedFusion upgrade to be able to add a third connection? As I was hoping for full mesh between the three offices, I believe I will now do that and then just add a spoke for this newly discovered location (I believe I have only two seats in this location). While things might route a bit more slowly for this location, I would then have to only upgrade the one router with a SpeedFusion license as the rest then only need two connections each. Would this work, or do I have to have SpeedFusion in all locations if I have it in one?

(EDIT) I turned on the trial of SpeedFusion and it doesn’t affect the PepVPN connection limit of 2. So, I guess some combination of PepVPN and IPSec? Maybe I just can’t do this?


#9

Hi Kevin,

Balance One only supports 2 PepVPN/SpeedFusion tunnels. If this satellite office is a remote office, I suggest Hub and Spoke instead of Full Mesh. Please find the recommended design below.



#10

This is a very nice picture, but doesn’t really help me. I believe it would imply that there are 4 main locations and 8 remote offices. If the 4 employed 380s (or whatever model supports more than 2 connections), I could implement with pure PepVPN.

As I have only Balance One routers in each location (3 offices, 1 remote office), how do I implement spoke and wheel? Can I make an IPSec connection between the one office and the one remote office?

Just to make sure I’m doing this right…

If I refer to my offices as A, B, and C (Let’s forget the remote office at the moment), in the A router, I add PepVPN connections to B and C. In B, I add connections to A and C. In C, I add connections to A and B. Is this right? If I establish a connection from A to B, do I also need a connection from B to A? If not, I can implement this with room to grow…


#11

I would set this up as a Partial Mesh. All locations will be able to talk to each other and Redundancy is still there.

Each Balance One can support 2 tunnels.

Site to Site requires that you configure both ends to point to each other which would take up 1 tunnel from the MAX of 2 that they can connect to.

PepVPN tunnel setup.
A>B
A>D

B>A
B>C

C>B
C>D

D>C
D>A



#12

Can I ask one more question?

If I have two of these routers and make a connection from A to B, is this a two way connection, or only one way? I am worried about the proposed setup because one of these sites is on a very slow DSL line, and I don’t want to force all my server traffic (AD replication etc) to have to traverse this connection.

In my example, would setting up connections from A to B, A to C, B to C and C to D provide full connectivity (Just no redundancy)?

Sorry to be a bother…


#13

Hello,

Your proposed setup would not work as site C would have 3 tunnels created when it is only capable of 2.

If I have two of these routers and make a connection from A to B, is this a two way connection, or only one way?

A>>PepVPN<<<B

Each side can have a total of 2 PepVPN tunnels created. This would take away 1 from each side. So A and B can have 1 more tunnel connected to each of them.
Either way you look at it, the Balance One can only have a total of 2 SF tunnel profiles created.
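
The tunnel budgeting discussed in posts #11 to #13, as an added example that is not part of the original thread and not Peplink code: a small checker that takes per-router peer lists and reports sites over the 2-profile limit, links configured on only one end, unreachable site pairs, and pairs that must transit another site. Site names A to D come from the thread; the function names are hypothetical, and multi-hop forwarding through an intermediate site is assumed, based on post #11's statement that all locations can talk to each other.

```python
from collections import deque

MAX_TUNNELS = 2  # Balance One PepVPN/SpeedFusion profile limit quoted in the thread


def profiles_from_links(links):
    """Each site-to-site link needs a profile on BOTH routers (posts #11, #15)."""
    profiles = {}
    for a, b in links:
        profiles.setdefault(a, set()).add(b)
        profiles.setdefault(b, set()).add(a)
    return profiles


def hop_counts(profiles, start):
    """BFS over tunnels that are configured on both ends; returns {site: hops}."""
    hops, queue = {start: 0}, deque([start])
    while queue:
        site = queue.popleft()
        for peer in profiles.get(site, ()):
            if site in profiles.get(peer, ()) and peer not in hops:
                hops[peer] = hops[site] + 1
                queue.append(peer)
    return hops


def check(profiles, max_tunnels=MAX_TUNNELS):
    """Report limit violations, half-configured links, and path properties."""
    sites = sorted(set(profiles) | {p for ps in profiles.values() for p in ps})
    over = {s: len(profiles.get(s, ())) for s in sites
            if len(profiles.get(s, ())) > max_tunnels}
    one_sided = [(a, b) for a in sites for b in sorted(profiles.get(a, ()))
                 if a not in profiles.get(b, ())]
    reach = {s: hop_counts(profiles, s) for s in sites}
    unreachable = [(a, b) for a in sites for b in sites
                   if a < b and b not in reach[a]]
    # Pairs with more than one hop send their traffic through another site.
    transit = [(a, b) for a in sites for b in sites
               if a < b and reach[a].get(b, 0) > 1]
    return {"over_limit": over, "one_sided": one_sided,
            "unreachable": unreachable, "transit": transit}


# Ring from post #11 (each router lists its two peers).
RING = {"A": {"B", "D"}, "B": {"A", "C"}, "C": {"B", "D"}, "D": {"C", "A"}}
# Links proposed in post #12: A-B, A-C, B-C, C-D.
PROPOSED = profiles_from_links([("A", "B"), ("A", "C"), ("B", "C"), ("C", "D")])

if __name__ == "__main__":
    for name, topo in (("ring (#11)", RING), ("proposed (#12)", PROPOSED)):
        print(name, check(topo))
```

The `transit` list is the part relevant to a slow link: in the ring, A-to-C and B-to-D traffic crosses a neighbouring site, so which site sits on the slow line decides whose traffic it carries.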


#14

OK, so A to B counts as one connection at each site and decrements the available connections left. If I program A to connect to B, should I also be programming B to connect to A?


#15

Hello,

For SpeedFusion to connect you will need to make a SF profile in A to point to B and then create another profile in B to point to A. Similar to any Network-to-Network VPN setup.


#16

I won’t be employing SF (Just yet anyway). So, A to B REQUIRES B to A.

Thanks.


#17

Correct, similar to the way you would set up PepVPN or IPsec.


#18

Can I use a combination of PepVPN and IPSec? I would much rather use the PepVPN to connect the three main offices, and then a single connection between one of the offices and this fourth, tiny, slow link office.


#19

Hi Kevin,

This is possible.


#20

So, I could program one of the routers with 2 PepVPN and one IPSec, and connect the one, very small office on the slow link to just connect via IPSec?