Step-by-Step Guide: Configuring Iridium as a Backup WAN and Enabling Out-of-band Management with Peplink Routers

Knowledgebase
1

Device: BR1 Pro 5G (with active PrimeCare)
Available WAN Connections:

  • Satellite LEO (via Ethernet WAN)
  • Cellular WAN (5G/LTE)
  • Satellite Iridium (Virtual WAN)

Objective:
Configure the BR1 Pro 5G for use with Iridium as a backup connection, and enable InTouch to access remote LAN-side devices via this satellite link.

This guide provides step-by-step instructions to:

  • I. Enable the Virtual WAN interface for Iridium
  • II. Configure SpeedFusion for failover and secure and reliable traffic routing over Iridium
  • III. Configure Outbound Policy to route traffic through SpeedFusion over Iridium only when all other WAN connections are unavailable
  • IV. Set up InTouch for remote access to LAN-side devices

Note: This document demonstrates a basic configuration. Alternative setups are possible depending on specific deployment needs, but the following serves as a recommended reference for most standard use cases.

I. Enable and configure Virtual WAN

Notes:

  • The BR1 Pro 5G has one Virtual WAN enabled by a valid PrimeCare subscription.
  • A permanent Virtual WAN license (SKU LIC-VWAN) can be purchased if there are no plans to continue using PrimeCare subscription.

Step 1. Open Virtual WAN settings

  • Connect to the router WEB configuration interface.

  • Go to Dashboard and click on virtual WAN interface - VLAN WAN 1.

1600×621 133 KB

Step 2. Change Virtual WAN settings

  • [optional] Change WAN connection Name to any you prefer.
  • Uplink Interface change to LAN.
  • Change the VLAN setting to an unused value. In our example we choose 10.

957×672 125 KB

Step 3. Save and Apply

  • Scroll down and click Save & Apply.

Step 4. Configure which LAN port will be used as Virtual WAN

  • Go to Network (top) tab and then click Port Settings (left side)

1020×372 90.9 KB

  • Click on the port you want to assign as WAN. In our example we will configure LAN2 interface as WAN.

997×444 75.6 KB

  • Port Type change to Access.
  • For VLAN Networks select the VLAN which you assigned for Virtual WAN. For this configuration example it is 10.
  • Click Save and then click Apply Changes as shown below

1013×410 86.4 KB

Step 5. Enable Virtual WAN interface

  • Drag the Virtual interface to priority 1 as shown. The result is shown below

1001×382 95 KB

II. Enable and configure SpeedFusion Connect

Step 1. Open Virtual WAN settings

  • Go to SF Connect (top) tab and click on Client Mode - for Outbound accesses

799×258 46.3 KB

Step 2. Select SpeedFusion location

  • Select SpeedFusion server location and then click the green box to save settings.
  • Click Apply Changes.

1045×390 77.8 KB

Step 3. Configure SpeedFusion tunnel

  • Click on the tunnel name

1010×238 60.3 KB

  • Set Forward Error Correction to High.
  • Disable all WAN connections and leave only Iridium since we plan to pass SpeedFusion traffic only via Iridium.

763×803 126 KB

  • Scroll down and click Save.
  • Click Apply Changes.

III. Outbound Policy configuration (traffic steering rules)

Note: for this example we pass traffic via Iridium using SpeedFusion only when other WAN connections are down. WAN connection is marked as not available based on Health Check settings for each WAN interface.

Step 1. Modify Outbound Policy for primary WAN connections

  • Go to the Advanced (top) tab and click on Outbound Policy (left side).
  • Click on the main Policy rule to adjust it.

1001×265 77.6 KB

  • Select Algorithm as Priority
  • Change Protocol to Any
  • Change Port to Any
  • Modify Priority Order by leaving only WAN connections which are used as primary. All traffic will be load balanced via these WAN interfaces as long as they are available.
  • Change When No Connections Are Available rule to Fall-through to Next Rule.

988×570 120 KB

  • Scroll down and click Save.
  • Click Apply Changes.

Step 2. Create a rule for passing traffic via Iridium.

  • Click on Add Rule

1001×248 76.5 KB

  • Set Service Name. In our example it is Iridium backup.
  • Change Destination to Any.
  • Change Algorithm to Enforced.
  • For Enforced Connection choose SpeedFusion tunnel name. In our case it is SFC:SFC.

Note: it is also possible to configure to allow only certain traffic via Iridium. For instance by using Source you can define by IP Address or MAC or client type, etc.

978×410 86 KB

  • Click Save.
  • Drag and drop iridium rule to the bottom as shown in the example

1007×342 113 KB

  • Click Apply Changes.

IV. Configure InTouch to securely connect to remote devices

Note: via InTouch you can access devices connected to WAN or LAN ports of a Peplink router.

Step 1. Connect to InControl and open InTouch configuration

  • Log into your InControl2 account at https://incontrol2.peplink.com
  • Select the Organization, then Group of the router you want to access devices behind
  • Click on the router device from the group to open the Device Details page
  • Hover over the Settings tab and select InTouch

915×284 51.1 KB

Step 2. Configure InTouch

  • Click Add to add new device accessible via InTouch service
  • Create a friendly name for a device and then fill in other settings such as device IP address, port and click Save Changes.

1258×349 51.3 KB

797×530 27.7 KB

1410×339 37 KB

Step 3. Access Remote device via InTouch

  • Go device Dashboard in InControl. Click on InTouch and select the remote device you want to access.

1143×247 47.3 KB

  • A new page will open and you will be connected to the remote device WEB configuration interface.

974×535 59.8 KB

6 Likes