Requesting suggestions on home use

Hi, to help deal with poor DSL ISP service, I plan to add cable service. I only have a very rudimentary knowledge of networks but managed to get the configuration on the left (current network) to work. On the right is what I think I want to move to. Given my skill level I really want to keep it as simple as possible. I have a few questons though:

  1. Am I right in assuming I want only one DHCP server (Peplink) and should turn it off on both modems to avoid conflict?
  2. I have a dozen or so ports forwarded to enable access to various IP cameras and other IoT devices through a single dynamic address (made static via DuckDNS). Do I need to forward these ports on both modems and the peplink or does the bridge mode mean I only need to set them up on the peplink?
  3. If one of the ISPs is down and happens to be the one I mapped to a static DNS, I assume I won’t be able to gain access externally and will have to map both dynamic DNS’s to different static DNS’s to be sure one will work. This sounds cumbersome since some apps (like IP Cam Viewer) only allow me to enter one IP address per camera. Is there a (simple:slight_smile:) way that a single static IP can be made to work if either WAN goes down?
  4. I would like the devices on the VPN network to have access to those on the unsecured network (doesn’t work on my current setup). Will my proposed configuration enable that?
  5. Is there a better way?

Thanks in advance for your feedback!

Here are the answers to your questions:

  1. You are correct there should only be one DHCP server and the VPN Wi-Fi AP would need to be in bridge mode.

  2. Port only need to be forwarded in the Peplink with the modems in bridge mode.

  3. A single static IP would not work as it cannot exist on both WANs. Two DDNS host names would be used for two different WANs with dynamic IPs.

  4. If the unsecured network behind the router gets a NAT, port forwarding would be required to reach the unsecured network.

  5. If you can turn off NAT in the router on the left, a LAN static route in the Balance One pointing to that router for the unsecured network would allow access providing no firewall rules are blocking it.

Thanks for your reply. I have run across another issue/question. I am unable to access the modem unless I connect a cable from it to a Peplink LAN port (in addition to the WAN connection). If I only have the WAN, everything works great but I cannot log into the modem (I assigned it a fixed local IP address :196.168.0.x). I there a way to enable access to the upstream modem without consuming one of the LAN ports?

You may enable Management IP Address. Please find below for more detail.