USER MANUAL
Peplink Balance Series
-96 / 234 -
Copyright © 2014 Peplink
sure to enter a unique peer ID number in the Remote ID field.
Pre-shared Key
This optional field becomes available when Pre-shared Key is selected as the Peplink Balance’s VPN Authentication method, as explained above. Pre-shared Key defines the pre-shared key used for this particular VPN connection. The VPN connection's session key will be further protected by the pre-shared key. The connection will be up only if the pre-shared keys on each side match. When the peer is running firmware 5.0+, this setting will be ignored. If you would like to prevent the display of the pre-shared key, check Hide Characters.
X.509
This optional field becomes available when X.509 is selected as the Peplink Balance’s VPN authentication method, as explained above. To authenticate VPN connections using X.509 certificates, copy and paste certificate details into this field. To get more information on a listed X.509 certificate, click the Show Details link below the field.
NAT Mode
Check this box to allow the local DHCP server to assign an IP address to the remote peer.
When NAT Mode is enabled, all remote traffic over the VPN will be tagged with the
assigned IP address using network address translation.
Remote IP Address / Host Names (Optional)
If NAT Mode is not enabled, you can enter a remote peer’s WAN IP address or hostname(s) here. If the remote uses more than one address, enter only one of them here. Multiple hostnames are allowed and can be separated by a space character or carriage return. Dynamic-DNS host names are also accepted.
This field is optional. With this field filled, the Peplink Balance will initiate connection to each of the remote IP addresses until it succeeds in making a connection. If the field is empty, the Peplink Balance will wait for connection from the remote peer. Therefore, at least one of the two VPN peers must specify this value. Otherwise, VPN connections cannot be established.
Data Port
This field is used to specify a UDP port number for transporting outgoing VPN data. If Default is selected, UDP port 4500 will be used. Port 32015 will be used if the remote unit uses Firmware prior to version 5.4 or if port 4500 is unavailable. If Custom is selected, enter an outgoing port number from 1 to 65535.
Layer 2 Bridging (A)
To make this option visible, click the question mark icon appearing at the top right of the
PepVPN Profile settings section, and then click the displayed link.
When this check box is unchecked, traffic between local and remote networks will be IP
forwarded. To bridge the Ethernet network of an Ethernet port on a local and remote
network, select Layer 2 Bridging. When this check box is selected, the two networks will
become a single LAN, and any broadcast (e.g., ARP requests) or multicast traffic (e.g.,
Bonjour) will be sent over the VPN.
Bridge Port (A)
When Layer 2 bridging is enabled, this field specifies the port to be bridged to the remote site. If you choose WAN, the selected WAN will be dedicated to bridging with the remote site and will be disabled for WAN purposes. The LAN port will remain unchanged.
VLAN Tagging (A)
This field specifies the VLAN ID with which the VPN's traffic should be tagged before sending the traffic to the bridge port. If no VLAN tagging is needed, select No VLAN. To define a new VLAN ID, click More... and input the VLAN ID. VLAN IDs that are not referenced by any VPN profiles will be removed from the list automatically. The default value for this field is No VLAN.
STP (A)
Checking this box enables spanning tree protocol, used to prevent loops in bridged
Ethernet LANs.
Preserve LAN Settings Upon Connected (A)
The LAN port is chosen as the bridge port. Selecting this option preserves LAN settings
(e.g., LAN port IP address, DHCP server, etc.) when the Layer 2 VPN is connected.
Uncheck this option if the LAN IP address and gateway will use remote LAN settings.
Check this option if the LAN IP address and local DHCP server should remain unchanged
after the VPN is up. If you choose not to preserve LAN settings when the VPN is
connected, the device will not act as a router and most Layer 3 routing functions will cease
to work.
Configure (A)
This setting specifies how a management IP address is acquired for the bridge port in the specified VLAN (if defined) when the Layer 2 bridge is connected. Choosing As None will result in no IP address being assigned to the bridge port for the Layer 2 connection.
A - Advanced feature, please click the button on the top right hand corner to activate.
WAN Connection Priority
WAN Connection Priority
These settings specify the priority of the WAN connections to be used in making VPN bonding connections. A WAN connection will never be used when OFF is selected. Only available WAN connections with the highest priority will be utilized.
To allow connection mapping to remote WANs, click the question mark icon found at the top right of this section, and then click the displayed link to reveal the Connect to Remote drop-down menu.
Send All Traffic To
This feature allows you to redirect all traffic to a specified PepVPN connection. Click the button to select your connection and the following menu will appear:
You could also specify a DNS server to resolve incoming DNS requests.
Link Failure Detection
Link Failure Detection Time
The bonded VPN can detect routing failures on the path between two sites over each WAN connection. Failed WAN connections will not be used to route VPN traffic. Health check packets are sent to the remote unit to detect any failure. The more frequently checks are sent, the shorter the detection time, although more bandwidth will be consumed.
When Recommended (default) is selected, a health check packet is sent every five seconds, and the expected detection time is 15 seconds.
When Fast is selected, a health check packet is sent every three seconds, and the expected detection time is six seconds.
When Faster is selected, a health check packet is sent every second, and the expected detection time is two seconds.
When Extreme is selected, a health check packet is sent every 0.1 second, and the expected detection time is less than one second.
Important Note
Peplink proprietary SpeedFusion™ uses TCP port 32015 and UDP port 4500 for establishing VPN connections. If you have a firewall in front of your Peplink Balance devices, you will need to add firewall rules for these ports and protocols to allow inbound and outbound traffic to pass through the firewall.
Tip
Watch a video walkthrough of setting up a SpeedFusion™ VPN on our YouTube Channel! http://youtu.be/xNaq13FWu_g
13.2 The Peplink Balance Behind a NAT Router
The Peplink Balance supports establishing SpeedFusion™ over WAN connections which are behind a NAT (network address translation) router.
To enable a WAN connection behind a NAT router to accept VPN connections, you can configure the NAT router in front of the WAN connection to inbound port-forward TCP port 32015 to the Peplink Balance.
If one or more WAN connections on Unit A can accept VPN connections (by means of port forwarding or not) while none of the WAN connections on the peer Unit B can do so, you should enter all of Unit A’s public IP addresses or hostnames into Unit B’s Remote IP Addresses / Host Names field. Leave the field in Unit A blank. With this setting, a SpeedFusion™ connection can be set up and all WAN connections on both sides will be utilized.
See the following diagram for an example of this setup in use:
One of the WANs connected to Balance A is non-NAT’d (212.1.1.1). The rest of the WANs connected to Balance A and all WANs connected to Balance B are NAT’d. In this case, the Peer IP Addresses / Host Names field for Balance B should be filled with all of Balance A’s hostnames or public IP addresses (i.e., 212.1.1.1, 212.2.2.2, and 212.3.3.3), and the field in Balance A can be left blank. The two NAT routers on WAN1 and WAN3 connected to Balance A should inbound port-forward TCP port 32015 to Balance A so that all WANs will be utilized in establishing the VPN.
13.3 SpeedFusion™ Status
SpeedFusion™ Status is shown in the Dashboard. The connection status of each connection profile is shown as below.
SpeedFusion™ connection status is also shown on the LCD panel of the Peplink Balance 380, 580, 710, 1350, 2500, and MediaFast 200 and 500.
After clicking the Details button at the top right corner of the SpeedFusion™ table, you will be forwarded to Status>SpeedFusion™, where you can view subnet and WAN connection information for each VPN peer. Please refer to section 26.5 for details.
IP Subnets Must Be Unique Among VPN Peers
The entire interconnected SpeedFusion™ network is a single non-NAT IP network. Avoid duplicating subnets in your sites to prevent connectivity problems when accessing those subnets.
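
A pre-deployment check for the subnet-uniqueness rule above, as an added example that is not part of the Peplink manual: it flags any two sites whose LAN ranges overlap, including a smaller subnet nested inside a larger one. The site names and subnets are constructed sample data, and `find_conflicts` is a hypothetical helper name.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: site name -> LAN subnets reachable over the VPN.
SITES = {
    "hq": ["10.0.0.0/16", "192.168.50.0/24"],
    "branch-a": ["10.0.20.0/24", "172.16.1.0/24"],
    "branch-b": ["192.168.50.0/24", "172.16.2.0/24"],
}


def find_conflicts(sites):
    """Return sorted (site1, net1, site2, net2) tuples for overlapping subnets.

    Catches exact duplicates and nested ranges (a /24 inside another site's /16).
    Raises ValueError for malformed entries, including host bits set (10.0.0.1/16).
    """
    entries = [
        (site, ipaddress.ip_network(text, strict=True))
        for site, nets in sites.items()
        for text in nets
    ]
    conflicts = []
    for (s1, n1), (s2, n2) in combinations(entries, 2):
        if s1 == s2:
            continue  # only cross-site clashes are reported
        # IPv4 and IPv6 ranges never clash with each other
        if n1.version == n2.version and n1.overlaps(n2):
            conflicts.append((s1, str(n1), s2, str(n2)))
    return sorted(conflicts)


if __name__ == "__main__":
    for s1, n1, s2, n2 in find_conflicts(SITES):
        print(f"CONFLICT: {s1} {n1} overlaps {s2} {n2}")
```

Run it against the subnet list of every site before adding a new peer; an empty result means no two sites claim the same address space.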
