Site-to-site VPN with MPLS VPN

Today my scenario is as follows:

  • A central site with a 30 Mbps exit link to the Internet;

  • Twenty branch offices, connected to the main site through an ISP VPN over MPLS links - note: remote sites don’t access the Internet directly; they’re routed to the main site to go to the web.

We are studying placing a backup network to the MPLS with Peplink. Our goal is to put a Peplink 1380 appliance in the central site and one Peplink 380 appliance in each remote site so we can make site-to-site VPNs using DSL links in the branch offices.

Reading the documentation, we considered the following schema:

  • On branch offices, WAN 1 gets MPLS link and WAN 2 the DSL link;

  • On main office, WAN 1 gets static external IP address and WAN 2 gets the MPLS VPN link.

  • Create the VPN S2S pairs in the main office with each branch office and in each branch office with only the headquarters.

Our main questions:

  • Is our proposed design ok?

  • How to put the DSL links in branch offices in a backup setup - i.e., used only if MPLS VPN is down?

  • How to route all the Internet traffic from branch offices to main office? Is it possible to use Peplink balancing rules inside the VPN tunnel?

Thanks in advance!

Your proposed design is good.

In the Site-to-Site VPN configuration page, you can select “WAN Connection Priority” (please refer to the screenshot of step 4 in the following URL): WAN1 (MPLS) is first priority, WAN2 (DSL) is second. Then WAN1 will be used as first priority, and WAN2 will only be used if WAN1 goes down.

In order to route all Internet traffic to the main office over Site-to-Site VPN, you can create a Custom Outbound Policy for any traffic with a specific Site-to-Site VPN connection. For the details, please refer to the following article