I’m trying to set up Cisco VPN access into a site that does not have a direct Public IP on its Balance 380 router.
It is connected via an IP forwarding link to a Balance 580 hosted at another site.
The layout is as follows:-
Site 1 Balance 580
(WAN1) 196.14.x.x
(LAN) 10.0.1.248 - With static route to 10.0.66.0
Site 2 - Balance 380
(WAN1) 10.0.1.253 = IP Forwarding link with DG of 10.0.1.248)
(WAN2) 192.168.8.41 = Static IP connected directly to Cisco Concentrator with IP of 192.168.8.42)
(LAN) 10.0.66.254 - No Static routes configured
I have set up a Cisco VPN Service on Site 1 Balance 580 pointing to 10.0.1.253 / Port 8443
I have set up another Cisco VPN service on Site 2 Balance 380 pointing to 192.168.8.42 / Port 8443.
However port tests on the Balance 580 at site 1 show that Port 8443 is closed. Have I missed something or is this even possible?
I cannot host the Cisco concentrator at Site 1 (for non-technical reasons).
I have never done port forwarding on a balance from WAN to WAN like you are trying to do on the B380 so am not sure if that works - could the CISCO sit in a VLAN on the B380 instead?
I assume the CISCO has a route for the 10.0.1.0/24 network (on the B580) pointing to WAN2 (192.168.8.41) of the B380?
I would suggest this topology will be easier to make work:
Your topology diagram of our setup is exactly right.
A VLAN option on the B380 does make a lot of sense. I hadn’t thought of that.
Let me give it a try and see how it goes. It may take a while though because the site is in another country and I don’t have direct access into the Cisco box at the moment.
You can do this configuration remotely by reconfiguring a WAN port into a LAN port. Juste make sure the other WAN connection is stable to keep remote access.
I’m not sure but you could maybe consider using Layer 2 tunnel between the 2 sites. If you change ip addressing on one side or another, you don’t need to maintain a forwarding table in between.
Hello @Vard0,
What version is your firmware and what is the hardware revision, if your hardware revision is new enough then a firmware update should enable these features.
Happy to Help,
Marcus
The latest firmware version for a HW V5 B380 is 6.3.4 you should definately upgrade to that anyway as it includes security and bug fixes. https://www.peplink.com/support/downloads/