We have a few dozen Peplink Max BR1 Mini devices connected via private APN to an internally hosted InControl2 system. Most devices connect just fine, but we have a few devices that try (unsuccessfully) to connect via the LAN IP of the Peplink, rather than the Cellular IP. These are all on the same firmware 8.4.0 and are configured from a single template backup. The only changes are the LAN IP, GRE tunnel IPs, SIM (cellular IP) and the device name. I can’t find any reason these are trying to use the LAN IP. There is no overlap in any of the IP configurations. Is there a way to force the device to use a specific interface to connect to InControl2?
This may sound simple but I have to ask, but are you sure the subnet of the ICVA instance isn’t advertised/‘connected’ on the LAN side of your BR1 devices?
Hi Christopher. How many times have we both found some simple little oversight to be the cause of problems? So I appreciate your response and I’m sure this is going to be something similar. But, specifically our ICVA is on a 172.16.0.0/12 subnet and all the BR1 LANs are on 192.168.0.0/16 subnets. So there is no possibility for overlap there. Now, the Cellular IPs are also on 192.168.0.0/16 subnets, but I’ve been very careful not to have those overlap the BR1 LANs.
And if not, create an enforced outbound policy with your ICVA as the target and the cellular WAN as the path and drag it above the learned routes and see if that fixes it.
Hi Martin, We’re in NAT mode so the routing mode option you spoke of is not available. However, the Outbound policy does seem to have worked. Thanks!!!