Public ip in client side


#1

hello

i have balance 380 and how to give public ip in client side as shown in diagram, please help

thank you


#2

Drop-in mode deployment allows the public IP to be on the client side LAN.


#3

hello ron
now i understand how the drop in mode works now my current setup both location have peplink on the HQ balance 380 and the remote balance 210 and the vpn works solid but the another setup is we put unifi security gateway under balance 380 the reason is all switches, ap’s in the local side are unifi. im not sure if the pepvpn will passthrough in unifi security gateway do u have any idea possible it will work?

check the diagram.


#4

Two steps are needed for this scenario and it will work:

  1. Configure a LAN static route in the Balance 380 at the HQ.

192.168.100.0/24 pointing to 10.10.10.3

  1. Configure NAT exemption policies in the Unifi Security Gateway for each direction.

Source = 192.168.100.0/24 and Destination = 192.168.1.0/24 = Don’t NAT

Source = 192.168.1.0/24 and Destination = 192.168.100.0/24 = Don’t NAT

The Balance 380 will then see both 192.168.100.X and 10.10.10.X IP addresses from the Unifi and it routes the 192.168.100.0/24 network through the VPN.


#5

hello ron

i have another question, if i tick the dhcp under wan 3 drop in mode the other existing vlans will not be over written or deleted?

thanks


#6

You can have VLANs with a drop-in mode deployment but the VLAN networks will not get a NAT when going out the drop-in mode WAN. Outbound policy rules can prevent VLAN networks from using the drop-in mode WAN however. The DHCP server will be overwritten for the untagged LAN.