Set a static route for one WAN connection in Peplink Balance 380?


#1

We have what might be a unique situation that we are attempting to deploy a Peplink Balance 380 in… We are using firmware version 5.4.9 build 2573.

Here is a diagram of what we are attempting to do:


Basically, according to our Datacenter provider (WAN 1 connection, where we have a dedicated circuit between our office and there), we need to configure a static route that states to send all traffic (0.0.0.0 255.255.255.255) to the other side of the circuit’s IP (10.120.2.81, their firewall). It sounds like this should work, as we don’t use internet load balancing or anything like that, the other two WAN connections are MPLS for our phones.

Does the Peplink support this type of static route? The static route section I see under LAN in the Peplink doesn’t seem intended for that… I’ve been fighting with this for almost three weeks now, any information would be helpful.


#2

Would I just need to set an Outbound Policy like:

Source: Any
Destination: IP Network 0.0.0.0 Mask: 255.255.255.255
Protocol: Any
Algorithm: Enforced
Enforced Connection: WAN 1

But then how would I set up the WAN connection? Like this?



#3

So I just tried the above configuration… no luck. Any ideas?


#4

What is your data center being used for? A certain software for your computers? If that’s the case I know at a few of our auto dealership clients they need access via an IPsec VPN to access a software for all their computers called dealertrack. This data center uses Cisco gear so the Balance works with it just fine. Then for our VoIP networks we create a separate VLAN and turn off the Inter-VLAN routing for the VoIP subnet.


#5

The datacenter will be hosting all our servers, as it has redundant power, internet, heightened security, etc. which our office does not. IPsec VPN didn’t work - it was slow, and disconnected often. So we had the datacenter install a dedicated 50 Mbps fiber connection between the office and the datacenter, and that is what we are attempting to configure above.

Leaving IPsec VPN out of the equation, is there any way to add a static route as I outlined above?


#6

When you say dedicated 50 Mbps are you talking like a Point-to-Point? If that’s the case then im sure they must configure the static routes as well on their end. I would also first update to the latest firmware 6.2.2 before anything else. From my experience with static routes, I have only used it in the scenario where we have more than 1 router at the same location as in they are on the same LAN network. Your outbound policy I would make everything ANY and enforce through WAN 1 like you have above.


#7

Yes, a Point-to-Point is what we have.

They said that they have configured the static routes on their end, and that I just need to configure on my end… which I don’t know how to do.

I can try to update to the latest firmware and make that Outbound Rule with everything listed as ANY - but I still need to configure the route, right? How would I do that?? Or do I not need to if the Outbound Rule is ANY?

Forgive me, I am very new (and very confused!) by Peplinks… I’ve only worked on Cisco ASDM previously.


#8

Go to network, then LAN, then type in under static routes the destination network IP. Ex: 10.181.34.0, 255.255.255.252, 10.181.32.1.

Then I would go to NAT Mappings and plug in the Network IP of your local subnet and map that to the WAN1 connection.

Try using OpenDNS as well.

Also, is your point-to-point connection even connected in the balance? (Shows Green)


#9

The Point to Point is connected in the balance, shows green and connected. When I try to add the static route under LAN, like you suggest, when I get to adding the Gateway, I add (as per the example above) 10.120.2.81 and it says that it has to be on the local LAN (i.e., an 192.168.1.0/24 address).

I can try OpenDNS for DNS servers.

I am not sure I understand the purpose of adding the NAT Mappings in the WAN 1 connection - do I add the 192.168.1.0/24 network, or the 10.120.1.0/24 network?


#10

I don’t know if static route is really what you want now thinking about it.
Try:
Outbound Policy:
Source IP: 192.168.1.0/24
Port: ANY
Destination: 10.120.2.80/30
Port: ANY
Algorithm: Enforced WAN1

*Nat Mappings:
192.168.1.0/24 outbound to WAN1


#11

Okay, we can’t take down the Balance380 constantly during business hours, so I configured a Balance 30 that we had as a spare, for testing purposes. So far, this is what we have.

Updated to Firmware 6.2.2:


Set the WAN connection:


Set the LAN connection:


Tried two different versions of the Outbound rule, stopping to test after each one:



Still not working. What am I missing?

I will reach out to make sure that they don’t have the Point-to-Point restricted by MAC address… but otherwise I am at a complete loss.


#12

Second, outbound policy is what I would do and also try turning nat back on for the wan and implement the nat mappings to wan1. But yes I would also check with the data center engineers as well. I had a similar issue with a wealth management firm and it ended up being the network engineers mistake at their data center.


#13

Turns out that yup, something wasn’t configured on their end - we finally got them to send a tech out and lo and behold, he couldn’t connect either from his laptop, taking the peplink out of the equation (his incredulous “It SHOULD work!” was a bit satisfying, I admit, considering they’d been telling us for weeks it was a peplink config issue).

Now we’re having another problem, but I will open a new thread for it. Thank you tjvoip45!