Server accessible externally but not internally via public IP - Ports Forwarded via SpeedFusion


Here’s our topology:

Public IP → WAN 1 on Office Router → Server IP + Ports Forwards defined on Office Router → SpeedFusion Tunnel → Branch Router → Server Network / subnet → Server

Anybody on cellular or an external network has no problem accessing this server via Office Router’s Public IP and defined ports. Anybody connected to the Branch Network router is not able to access these same resources via the Office Router’s Public IP. I’m aware we could access these resources via the internal private IP but this is problematic for our overall workflow / client side configurations.

Has anybody found a solution for this or come across this before? I’ve encountered this with multiple orgs and various Balance models.

Thanks in advance for any help / insight.


Hi Ryan,
is “split DNS” a possibility for you?
Meaning you create a DNS record on your internal DNS Server resolving to the private IP and creating a DNS record on your public DNS Server resolving to the public IP.
Kind regards

1 Like

Hi Johannes,

That might work - I will give it a shot.

Thanks for the reply!


I think your SpeedFusion tunnel sees the target IP exists at main office and tries to route the traffic through the tunnel. Something doesnt work with either the port forwarding or the firewall.

Try an outbound route in the branch router. Force destination to the target external IP through the branch WAN. The should stop it from going through the VPN. As a test you could first disable the VPN and see what happens.