We use Peplink devices for remote commissioning support, connecting back to our head office via VPN. Often, we deploy these devices on existing networks where changes to the network configuration are not possible, and the Peplink modem is not set as the default gateway.
We would like to request that the Source NAT (S-NAT) feature be enabled to work in conjunction with the Virtual Network Mapping. Specifically, we need the option to apply S-NAT in addition to the existing Destination NAT (D-NAT) functionality. This would greatly enhance our ability to operate on networks where the Peplink device is not the default gateway.
You can do something like this by using pass through mode and outbound policy but its not very neat to configure
I had a look at outbound policy and it wasn’t clear to me how I could achieve this. Do you have any examples you could point me to where this is done.
For reference I am using IPsec VPNs and not Speedfusion if that makes a difference.
I don’t understand the use case fully. Which devices need to access the HQ over PepVPN existing or temporary ones for the commissioning process.
If you plug a peplink WAN into an existing network, then a PEPVPN can typically be built outbound to a HQ location and anything on the LAN of that peplink using it as a gateway can access the local host network resources via the WAN and also HQ over PepVPN.
If you want to seamlessly drop a Peplink into a host network so that all existing devices on that network can also access the HQ over PepVPN then drop in mode is great for that.
And if you want to give access to a local network over VPN from a remote location, plug the WAN of the Peplink into the local network and leave it in NAT mode and then you have source NAT.
Using the WAN port works a perfectly. I didn’t think it would route out that port when the health checks fail but it all works fine.
Thanks for your help.
1 Like