Pismolabs Technology P1805 Pepwave / Peplink / Pismo Wireless Product User Manual U8G P1805
Pismo Labs Technology Limited Pepwave / Peplink / Pismo Wireless Product U8G P1805
Contents
- 1. User Manual (1 of 4).pdf
- 2. User Manual (2 of 4).pdf
- 3. User Manual (3 of 4).pdf
- 4. User Manual (4 of 4).pdf
User Manual (2 of 4).pdf
USER MANUAL
Peplink Balance Series
http://www.peplink.com -51 / 227 - Copyright © Peplink
your carrier.
The default and recommended Operator Settings is Auto.
APN / Login /
Password / SIM
PIN
When Auto is selected, the information in these fields will be filled automatically.
Select the option Custom and you may customize these parameters. The parameters
values are determined by and can be obtained from the ISP.
General Settings
DNS Servers
Each ISP may provide a set of DNS servers for DNS lookups.This setting specifies the
DNS (Domain Name System) Servers to be used when a DNS lookup is routed through
this connection.
Selecting Obtain DNS server address automatically results in the DNS Servers
assigned by the PPPoE server to be used for outbound DNS lookups over the WAN
connection. (The DNS Servers are obtained along with the WAN IP address assigned
from the PPPoE server.)
When Use the following DNS server address(es) is selected, you can put custom DNS
server addresses for this WAN connection into the DNS Server 1 and DNS Server 2
fields.
Standby State
This option allows you to choose whether to remain the connection connected or
disconnected when this WAN connection is no longer in the highest priority and has
entered the standby state. When Remain connected is chosen, upon bringing up this
WAN connection to active, it will be immediately available for use.
Idle Disconnect
When Internet traffic is not detected within the user specified timeframe, the modem will
automatically disconnect. Once the traffic is resumed by the LAN host, the connection
will be re-activated,
USER MANUAL
Peplink Balance Series
http://www.peplink.com -52 / 227 - Copyright © Peplink
Health Check Settings
Heath
Check
Method
This setting allows you to specify the health check method for the Cellular connection.
The as available options are Disabled, Ping, DNS Lookup, HTTP, and SmartCheck
The default method is DNS Lookup.See Section for configuration details.
Timeout
If a health check test cannot be completed within the specified amount of time, the test
will be treated as failed.
Health Check
Interval
This is the time interval between each health check test.
Health Check Retries
This is the number of consecutive check failures before treating a connection as down.
Recovery Retries
This is the number of responses required after a
health check failure before treating a
connection as up again.
Dynamic DNS Settings
Dynamic DNS Service
Provider
This setting specifies the dynamic DNS service provider to be used for the WAN based on
supported dynamic DNS service providers:
· changeip.com
· dyndns.org
· no-ip.org
· tzo.com
· DNS-O-Matic
Select Disabled to disable this feature.See Section for configuration details.
Bandwidth Allowance Settings
Bandwidth Allowance
Monitor
This option allows you to enable bandwidth usage monitoring on this WAN connection
for each billing cycle. When this is not enabled, bandwidth usage of each month is still
being tracked but no action will be taken.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -53 / 227 - Copyright © Peplink
See Section for configuration details.
MTU
This setting specifies the Maximum Transmission Unit.
By default, MTU is set to Custom 1440.
You may adjust the MTU value by editing the text field. Click Default to restore the
default MTU value. Select Auto and the appropriate MTU value will be automatically
detected. The auto-detection will run each time when the WAN connection establishes
USER MANUAL
Peplink Balance Series
http://www.peplink.com -54 / 227 - Copyright © Peplink
Configuring theLAN Interface
.
WAN Configuration
For basic configuration, refer to Section , Basic Configuration.
For advanced configuration, refer to Section , Configuring the WAN Interface(s).
USER MANUAL
Peplink Balance Series
http://www.peplink.com -55 / 227 - Copyright © Peplink
8 Basic Configuration
8.1 Connecting to the Web Admin Interface
1. Start a Web browser on a computer that is connected with the Peplink Balance through the LAN.
2. To connect to the W eb Adminof thePeplink Balance, enter the following LAN IP address in the
address field of the web browser:
http://192.168.1.1
(This is the default LAN IP address of the Peplink Balance.)
3. Enter the following to access the W eb
Admin Interface.
User Name: admin
Password: admin
(This is the default Admin User login of
the Peplink Balance. The Admin and
Read-only User Password can be
changed atSystem > Admin Security.)
4. After successful login, the Dashboard of the Web Admin Interfacewill be displayed. It looks
similar to the following:
Important Note
The Save button causes the changes to be saved. Configuration changes (e.g., WAN, LAN, admin settings, etc.)
take effect after clicking the Apply Changes button on each page’s top right corner.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -56 / 227 - Copyright © Peplink
8.2 Configuration with the Setup Wizard
The Setup Wizard simplifies the task of configuring WAN connection(s) by guiding the configuration
process step-by-step.
To begin, click Setup Wizard after connecting to theWeb Admin Interface.
Click Next to begin.
Select YES if you want to set up Drop-in Mode using the setup wizard (note: Drop-in Mode is available on
the Peplink Balance 210+).
Click on the appropriatecheckbox(es) to select the WAN connection(s) to be configured. If you have
chosen to configure Drop-in Mode using thesetup wizard, the box of WAN portthat is to be configured in
Drop-in Mode will be checked by default.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -57 / 227 - Copyright © Peplink
IfDrop-in Modeis going to be configured, the setup wizard will move on to Drop-in Settings.
Select the connection type for WAN connection(s) from the following screen:
Depending on the selection of connection type, further configuration may be needed.For
example,PPPoEand Static IP require additional settingsfor the selected WAN port. Please refer
toSection , Configuring the WAN Interface(s) for details on setting up DHCP, static IP, andPPPoE.
If Mobile Internet Connectionis checked, the setup wizard will move on to Operator Settings.
If Custom Mobile Operator Settingsis selected, APN parameters are required to be entered. Some
service providers may charge a fee for connecting to a different APN. Please consult yourservice provider
for the correct settings.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -58 / 227 - Copyright © Peplink
Click on the appropriate check box(es) to select the preferred WAN connection(s). Connection(s) not
selected in this step will be used as backup only. Click Next>> to continue.
Choose the time zone of your country/region. Check the box Show allto display all time zone options.
Check in the following screen to make sure all settings have been configured correctly, and then click
Save Settingsto confirm.
After finishing the last step in the setup wizard, clickApply Changeson the page header to allowthe
configuration changes to take effect.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -59 / 227 - Copyright © Peplink
8.3 Advanced Setup
Advanced settings can be configured from the Network menu.
WAN connections can be configured by entering the corresponding WAN connection informationat
Network> Interfaces >WAN.
Tip
Please refer to
Section ,Configuring the WAN Interface(s), for details on setting up DHCP, static IP, PPPoE
,
and mobile Internet connections.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -60 / 227 - Copyright © Peplink
8.4 Cellular WAN
Network>WAN> Click on Detail
(Available on the Peplink 30 LTE only)
Cellular Status
IMSI
This is the International Mobile Subscriber Identity which uniquely identifies the SIM card.
This is applicable to 3G modems only.
MEID
The Pepwave MAX supports both HSPA and EV-DO.
For Sprint or Verizon Wireless EV-DO users, a unique MEID identifier code (in
hexadecimal format) is used by the carrier to associate the EV-DO device with the user.
This information is presented in hex and decimal format.
ESN This serves the same purpose as MEID HEX but uses an older format.
IMEI This is the unique ID for identifying the modem in GSM/HSPA mode.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -61 / 227 - Copyright © Peplink
WAN Connection Settings
WAN Connection
Name
This field is for defining a name to represent this WAN connection.
Network Mode
Users have to specify the Network they are on accordingly.
Routing Mode
This option allows you to select the routing method to be used in
routing IP frames via the
WAN connection. The mode can be either NAT (Network Address Translation) or IP
Forwarding. Click the button to enable IP Forwarding.
Cellular Settings
3G/2G Band selection to restrict cellular on particular band. Click on the
button to enable the
selection of specific bands.
Data Roaming
This checkbox enables data roaming on this particular SIM card. Please check your
service provider’s data roaming policy before proceeding.
Operator Settings
This setting applies to 3G / EDGE / GPRS modem only. It does not apply to EVDO / EVDO
Rev. A modem.
This allows you to configure the APN settings of your connection. If Auto is selected, the
mobile operator should be detected automatically. The connected device will be
configured and connection will be made automatically afterwards. If there is any difficulty
in making connection, you may select Custom to enter your carrier’s APN, Login,
Password, and Dial Number settings manually. The correct values can be obtained from
your carrier.
The default and recommended Operator Settings is Auto.
APN / Login /
Password / SIM
PIN
When Auto is selected, the information in these fields will be filled automatically.
Select the option Custom
and you may customize these parameters. The parameters
values are determined by and can be obtained from the ISP.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -62 / 227 - Copyright © Peplink
General Settings
DNS Servers
Each ISP may provide a set of DNS servers for DNS lookups.This setting specifies the
DNS (Domain Name System) Servers to be used when a DNS lookup is routed through
this connection.
Selecting Obtain DNS server address automatically results in the DNS Servers
assigned by the PPPoE server to be used for outbound DNS lookups over the WAN
connection. (The DNS Servers are obtained along with the WAN IP address assigned
from the PPPoE server.)
When Use the following DNS server address(es) is selected, you can put custom DNS
server addresses for this WAN connection into the DNS Server 1 and DNS Server 2
fields.
Standby State
This option allows you to choose whether to remain the connection connected or
disconnected when this WAN connection is no longer in the highest priority and has
entered the standby state. When Remain connected
is chosen, upon bringing up this
WAN connection to active, it will be immediately available for use.
Idle Disconnect
When Internet traffic is not detected within the user specified timeframe, the modem will
automatically disconnect. Once the traffic is resumed by the LAN host, the connection
will be re-activated,
Health Check Settings
Heath Check
Method
This setting allows you to specify the health check method for the Cellular connection.
The as available options are
Disabled, Ping, DNS Lookup, HTTP,
and
SmartCheck
USER MANUAL
Peplink Balance Series
http://www.peplink.com -63 / 227 - Copyright © Peplink
The default method is DNS Lookup.See Section for configuration details.
Timeout
If a health check test cannot be completed within the specified amount of time, the test
will be treated as failed.
Health Check
Interval
This is the time interval between each health check test.
Health Check Retries
This is the number of consecutive check failures before treating a connection as down.
Recovery Retries
This is the number of responses required after a health check failure before treating a
connection as up again.
Dynamic DNS Settings
Dynamic DNS Service
Provider
This setting specifies the dynamic DNS service provider to be used for the WAN based on
supported dynamic DNS service providers:
· changeip.com
· dyndns.org
· no-ip.org
· tzo.com
· DNS-O-Matic
Select Disabled to disable this feature.See Section for configuration details.
Bandwidth Allowance Settings
Bandwidth Allowance
Monitor
This option allows you to enable bandwidth usage monitoring on this WAN connection
for each billing cycle. When this is not enabled, bandwidth usage of each month is still
being tracked but no action will be taken.
See Section for configuration details.
MTU
This setting specifies the Maximum Transmission Unit.
By default, MTU is set to Custom 1440.
You may adjust the MTU value by editing the text field. Click Default to restore the
USER MANUAL
Peplink Balance Series
http://www.peplink.com -64 / 227 - Copyright © Peplink
default MTU value. Select Auto and the appropriate MTU value will be automatically
detected. The auto-
detection will run each time when the WAN connection establishes
USER MANUAL
Peplink Balance Series
http://www.peplink.com -65 / 227 - Copyright © Peplink
9 Configuring theLAN Interface
LAN Interface settings are located atNetwork> Interfaces > LAN.
IPSettings
IP Address &
Subnet Mask
Enter Peplink Balance’s IP address and subnet mask values to be used on the LAN.
Speed
This setting specifies the speed of the LAN Ethernet port.
By default, Auto is selected and the appropriate data speed is automatically detected by
Peplink Balance.
In the event of negotiation issues, the port speed can be manually specified to circumvent
the issues. You can also choose whether or not to advertise the speed to the peer by
selecting the Advertise Speed checkbox.
To enable VLAN configuration, press the button under IP Settings. After clicking the link, the following
screen will appear:
Click theNew LANbutton to reach the following screen:
VLAN-enabled IP Settings
Name
This field specified the name of this particular VLAN
IP Address
Enter Peplink Balance’s IP address and subnet mask values to be used on the VLAN.
VLAN ID
Please enter a
numerical value to identify this VLAN.
Captive Portal
This options switches on captive portal for users connected to this VLAN. Users on open
networks will receive a splash screen, while users on closed networks will receive a login
screen.
DHCP Server
Check the Enable box to enable the built-in DHCP server which serves DHCP requests on
USER MANUAL
Peplink Balance Series
http://www.peplink.com -66 / 227 - Copyright © Peplink
the LAN.
Port Settings
Ports
To choose a physical Ethernet port to act as a LAN interface (in addition to the dedicated
LAN port or ports), check the appropriate box and choose a speed setting from the drop-
down menu immediately to the right of the listing. The default setting is Auto, which allows
the Balance to detect and apply an appropriate data speed setting.
Drop-in Mode Settings
(Available on Peplink Balance 210+)
Enable
Drop-in Mode eases the installation of the Peplink Balance on a live network between the
existing firewall and router, such that no configuration changes are required on existing
equipment. Check the box to enable the Drop-in Mode feature.
Please refer to Section, Drop-in Modefor details.
WAN for Drop-In
Mode
Select the WAN port to be used for Drop
-in Mode. If WAN 1 with LAN Bypass
is selected,
the
High Availability feature will be disabled automatically.
Shared Drop-
In
ModeA
When this option is enabled, the passthrough IP address will be used to connect to WAN
hosts (email notification, remote syslog, etc.). The Balance will listen for this IP address
when WAN hosts access services provided by the Balance (Web Admin access from the
WAN, DNS server requests, etc.).
To connect to hosts on the LAN (email notification, remote syslog, etc.), the default gateway
USER MANUAL
Peplink Balance Series
http://www.peplink.com -67 / 227 - Copyright © Peplink
address will be used. The Balance will listen for this IP address when LAN hosts access
services provided by the Balance (Web Admin a
ccess from the WAN, DNS proxy, etc.).
Shared IP
Address
A
Access to this IP address will be passed through to the LAN port if this device is not serving
the service being accessed. The shared IP Address will be used in connecting to hosts on
the WAN (e.g. email notification, remote syslog, etc.) The device will also listen on the IP
address when hosts on the WAN access services served on this device (e.g. web admin
accesses from WAN, DNS server, etc.)
WAN Default
Gateway
Enter the WAN router's IP address in this field. If there are more hosts
in addition tothe
router on the WAN segment, check the
I have other host(s) on WAN segment box
and
enter the IP address of the hosts that need
to access LAN devices or be accessed by
others.
WAN DNS Servers
Enter the selected WAN's corresponding DNS server IP a
ddresses.
A - Advanced feature, please click the button on the top right hand corner to activate.
Note: Drop-in Mode and VLAN functionality are mutually exclusive.
DHCP Server Settings
DHCP Server
When this setting is enabled, the Peplink Balance’s DHCP server automatically assigns an
IP address to each computer that is connected via LAN and is configured to obtain an IP
address via DHCP.
The Peplink Balance’s DHCP server can prevent IP address collision
s
on the LAN.
IP Range &
Subnet Mask
These settings allocate a range of IP address that will be assigned to LAN computers by the
Peplink Balance’s DHCP server.
Lease Time
This setting specifies the length of time throughout which an IP address of a DHCP client
remains valid. Upon expiration of Lease Time, the assigned IP address will no longer be
valid and the IP address assignment must be renewed.
DNS Servers
This option allows you to input the DNS server addresses to be offered to DHCP clients. If
Assign DNS server automatically is selected, the Peplink Balance’s built-in DNS server
address (i.e., LAN IP address) will be offered.
WINS Server
This option allows you to specify the Windows Internet Name Service (WINS) server. You
may choose to use the built
-in WINS server or external WINS servers.
When this unit is connected using SpeedFusion
TM
, other VPN peers can share this unit's
USER MANUAL
Peplink Balance Series
http://www.peplink.com -68 / 227 - Copyright © Peplink
built-in WINS server by entering this unit's LAN IP address in their DHCP WINS Servers
setting. Therefore, all PC clients in the VPN can resolve the NetBIOS names of other clients
in remote peers.
If you have enabled
this option, a list of WINS clients will be displayed at
Status > WINS Clients.
Extended DHCP
Option
In addition to standard DHCP options (e.g. DNS server address, gateway address, subnet
mask), you can specify the value of additional extended DHCP options, asdefined in RFC
2132. With these extended options enabled, you can pass additional configuration
information to LAN hosts.
To define an extended DHCP option, click the Add button, choose the option to define, and
then enter its value. For values that are in IP address list format, you can enter one IP
address per line in the provided text area input control. Each option can be defined once
only.
DHCP Reservation
This setting reserves the assignment of fixed IP addresses for a list of computers on the
LAN. The computers to be assigned fixed IP addresses on the LAN are identified by their
MAC addresses.
The fixed IP address assignment is displayed as a cross-reference list between the
computers’ names, MAC addresses, and fixed IP addresses.
Name (an optional field) allows you to specifya name to represent the device. MAC
addresses should be in the format of 00:AA:BB:CC:DD:EE. Press to create a new
record. Press to remove a record.Reserved clients information can be imported from
the Client List, located at Status > Client List. For more details, please refer to section .
Static Route Settings
Static Route
This table is for defining static routing rules for the LAN segment. A static route consists of
the network address, subnet mask, and gateway address. The address and subnet mask
values are in w.x.y.zformat.
The local LAN subnet and subnets behind the LAN will be advertised to the VPN. Remote
routes sent over the VPN will also be accepted. Any VPN member will be able to route to
the local subnets.Press to create a new route. Press to remove a route.
WINS Server Settings
Enable
Check the box to enable the WINS Server. A list of WINS clients will be displayed at Status
> WINS Clients.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -69 / 227 - Copyright © Peplink
DNS Proxy Settings
Enable
To enable the DNS Proxy feature, check this box, and then set up the feature atNetwork >
LAN > DNS Proxy Settings table.
A DNS proxy server can be enabled to serve DNS requests originating from
LAN/PPTP/SpeedFusionTM peers. Requests are forwarded to the DNS servers/resolvers
defined foreach WAN connection.
DNS Caching
This field is to enable DNS caching on the built-in DNS proxy server. When the option is
enabled, queried DNS replies will be cached until the records’ TTL has been reached. This
feature can improve DNS responsetime by storing all received DNS results for faster DNS
lookup. However, it cannot return the most updated result for frequently updated DNS
records.By default, DNS Cachingisdisabled.
Include Google
Public DNS
Servers
When this option is
enabled, the DNS proxy server will forward DNSrequests to
Google's
Public DNS Servers
, in addition to the DNS servers defined in each WAN. This could
increase the DNS
service's availability.This setting isdisabled by default.
Local DNS
Records
This table is for defining custom local DNS records. A static local DNS record consists of a
host name and IP Address. When looking up the host name from the LAN to LAN IP of the
Peplink Balance, the corresponding IP address will be returned.Press to create a
new record. Press to remove a record.
DNS Resolvers A
Check the box to enable the WINS Server. A list of WINS clients will be displayed at
Network > LAN > DNS Proxy Settings > DNS Resolvers.
This field specifies which DNS resolvers will receive forwarded DNS requests. If no
WAN/VPN/LAN DNS resolver is selected, all of the WAN’s DNS resolvers will be selected.
If a SpeedFusionTMpeer is selected, you may enter the VPN peer’s DNS resolver IP
address(es).
Queries will be forwarded to the selected connections’ resolvers. If all of the selected
connections are down, queries will be forwarded to all resolvers on healthy WAN
connections.
A - Advanced feature, please click the button on the top right hand corner to activate.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -70 / 227 - Copyright © Peplink
10 Drop-in Mode
Drop-in Mode (or transparent bridging mode) eases the installation of the Peplink Balance on a live
network between the firewall and router, such that changes to the settings of existing equipment are not
required. Note that Drop-in Mode is NOT applicable to the Balance 20, 30or 30 LTE.
The following diagram illustratesDrop-in Mode setup:
Check the checkbox to Enable Drop-in Mode. After enabling this feature and selecting the WAN for
Drop-in mode, various settings, including the WAN's connection method and IP address, will be
automatically updated.
When Drop-in Mode is enabled, the LAN and the WAN for Drop-in Mode ports will be bridged.Traffic
between the LAN hosts and WAN router will be forwarded between the devices. In this case, the hosts on
both sides will not notice any IP or MAC address changes.
After successfully setting up the Peplink Balance as part of the network usingDrop-in Mode, a Peplink
Balance 210 will accommodate one additional WAN connection;a 310, 305 or380will accommodate two, a
580 will accommodate four, a 710will accommodate six, a 1350 will accommodate twelve,and a 2500 will
accommodate eleven additional WAN connections.
IMPORTANT NOTE for customers using Drop-in Mode and
planning to upgrade from firmware 4.8.2 or below to 5.0+
MAC address passthrough for Drop-in Mode is implemented in firmware 5.0 and above. If Drop-in Mode is enabled
when upgrading from a previous firmware version, the ARP tables on hosts on LAN and WAN segments must be
flushed once. Alternately, thehosts may be be rebooted. Otherwise, hosts on one side may not be able to reach
hosts on the other side of the Peplink Balance until old ARP records expire. Units not using Drop-in Mode are not
affected.
NOTE
The PPTP server will be disabled inDrop-in Mode.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -71 / 227 - Copyright © Peplink
To enable Drop-in Mode, perform the following steps:
1. Check the Enable box under Drop-in Mode located at: Network > Interfaces > LAN. (After
checking the Enable box, most network settings for WAN1 will be hidden in theWeb Admin
Interface.)
2. Enterthe IP address of the WAN1 router in the WAN Default Gateway field. Ensure that the Peplink
Balance IP subnet is the same as the firewall’s WAN port and the router’s LAN port.
3. If there are hosts other than the router on the WAN segment of Peplink Balance, check theIhave
other host(s) on WAN segmentbox, enter the IP address(es) of the host(s), and then click the
down-arrow to add the hosts.
The following diagram illustrates:
USER MANUAL
Peplink Balance Series
http://www.peplink.com -72 / 227 - Copyright © Peplink
Important Note
Starting from Firmware version 5.0, Drop-in mode canbe configuredon any WAN port. Pleasenote that only one
WAN port can be configured in Drop-in mode.If you have selected the LAN bypass port (which is currently available
on WAN1 ofthe Balance 1350 and WAN5 of the Balance 580) as the WAN for Drop-in Mode, the High Availability
feature will be DISABLED automatically.
Tip
Want to know more about Drop-in mode? Visit our YouTube Channel for video tutorials!
http://youtu.be/lZG2-VPml5w
USER MANUAL
Peplink Balance Series
http://www.peplink.com -73 / 227 - Copyright © Peplink
11 Configuring the WAN Interface(s)
WAN interface settings are located at: Network> Interfaces > WAN
By clicking a connection name,connection settings of that WAN can be modified.The connection method
and details can be obtained from yourISP.
Connection Settings
WAN Connection
Name
This field is for defining a name to represent this WAN connection.
Enable
This field is for choosing whether to enable this WAN connection.
Connection Method
This option allows you to select the connection method for this WAN connection. Available
options are:
1. DHCP
2. Static IP
3. PPPoE
4. Mobile Internet Connection
See sections , , , and for configuration details pertaining to each connection method.
Routing Mode
This field shows that NAT (Network Address Translation) will be applied to the traffic
routing over this WAN connection. IP Forwarding is also available when you click the link
in the help text. For further details, please refer to , Routing under DHCP, Static IP, and
PPPoEį
Connection Type
This setting specifies the utilization of the WAN connection.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -74 / 227 - Copyright © Peplink
Always-on results in the WAN connection being used whenever it is available. If Backup
Priority and a priority group are selected, the WAN connection is treated as a backup
connection and is used only in the absence of available always-on WAN connection(s) and
higher priority backup connection(s).
The default and recommended connection type is Always-on.
Reply to ICMP Ping
If this field is disabled, the WAN connection will not respond to ICMP ping requests. By
default, this setting isenabled.
Upload Bandwidth
This setting specifies the data bandwidth in the outbound direction from the LAN through
the WAN interface. This value is provided by yourISP and should reflect the actual speed
of the WAN.
This value is referenced when default weight is chosen for outbound traffic and traffic
prioritization. Setting thecorrect value here can result in effective traffic prioritization and
efficient use of upload bandwidth.
Download
Bandwidth
This setting specifies the data bandwidth in the inbound direction from the WAN interface
to the LAN. This value is provided by yourISP and should reflect the actual speed of
theWAN.
This value is referenced as the default weight value when using the Least Usedor
Persistence (Auto)algorithms in Outbound Policy with Managed by Custom Rules
chosen (see Section ).
IPv6
IPv6
IPv6 support can be enabled on one of the available Ethernet WAN ports. On this screen,
you can choose which WAN will support IPv6.
To enable IPv6 support on a WAN, the WAN router must respond to stateless address
auto configuration advertisements and DHCPv6 requests. IPv6 clients on the LAN will
acquire their IPv6, gateway, and DNS server addresses from it. The device will also
acquire an IPv6 address for performing ping/traceroute checks and accepting Web Admin
accesses.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -75 / 227 - Copyright © Peplink
11.1 Connection Method(s)
There are four possible connection methods:
1. DHCP
2. Static IP
3. PPPoE
4. Mobile Internet Connection (for USB WAN)
11.1.1 DHCP Connection
The DHCP connection method is suitable if yourISP provides an IP address automatically usingDHCP
(e.g.,cable, metro Ethernet, etc.).
DHCP Settings
DNS Servers
Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the
DNS (Domain Name System) servers to be used when a DNS lookup is routed through this
connection.
Selecting Obtain DNS server address automatically results in the DNS servers
assigned by the WAN DHCP Server being used for outbound DNS lookups over the
connection. (The DNS servers are obtained along with the WAN IP address assigned by
the DHCP server.)
When Use the following DNS server address(es) is selected, you may enter custom DNS
server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields.
Hostname
(Optional)
If your service provider's DHCP server requires you to supply a hostname value upon
acquiring an IP address, you may enter the value here. If your service provider does not
provide you witha hostmane, you can safely bypass this option.
Please refer to sections , , , and for details aboutWAN Health Check,Bandwidth Allowance Monitor,
Additional Public IP Settings, and Dynamic DNS Settings.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -76 / 227 - Copyright © Peplink
11.1.2 Static IP Connection
The static IP connection method is suitable if yourISP provides a static IP address to connect directly.
Static IP Settings
IP Address /
Subnet Mask /
Default Gateway
These settings specify the information required in order to communicate on the Internet
via a fixed Internet IP address.
The information is typically determined by and can be obtained from yourISP.
DNS Servers
Each ISP may provide a set of DNS servers for DNS lookups. This field specifies the
DNS (Domain Name System) servers to be used when a DNS lookup is routed through
this connection.
You can input the ISP-provided DNS server addresses into the DNSserver 1 and
DNSserver 2 fields. If no address is entered here, this link will not be used for DNS
lookups.
Please refer to Section , , , and for details about WAN Health Check, Bandwidth Allowance Monitor,
Additional Public IP Settings, and Dynamic DNS Settings respectively.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -77 / 227 - Copyright © Peplink
11.1.3 PPPoE Connection
This connection method is suitable if your ISP provides a login ID/password to connect via PPPoE.
PPPoE Settings
PPPoE User Name
/ Password
Enter the required information in these fields in order to connect via PPPoE to your ISP.
The parameter values are determined by and can be obtained from your ISP.
Confirm PPPoE
Password
Verify your password by entering it again in this field.
Service Name
(Optional)
Service Name is a PPPoE parameter which is provided by your ISP.
Note: Leave this field blank unless it is provided by your ISP.
DNS Servers
Each ISP may provide a set of DNS servers for DNS lookups. This setting specifies the
DNS (Domain Name System) servers to be used when a DNS lookup is routed through this
connection.
Selecting Obtain DNS server address automatically results in the DNS servers assigned
by the PPPoE server to be used for outbound DNS lookups over the WAN connection.
(The DNS servers are obtained along with the WAN IP address assigned from the PPPoE
server.)
When Use the following DNS server address(es) is selected, you can put custom DNS
server addresses for this WAN connection into the DNS server 1 and DNS server 2 fields.
Please refer to section , , , and for details about WAN Health Check, Bandwidth Allowance Monitor,
Additional Public IP Settings, and Dynamic DNS Settings.
Note
A PPPoE connection made from a firewall does not work with Drop-in Mode.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -78 / 227 - Copyright © Peplink
11.1.4 Mobile Internet Connection
The Mobile InternetConnection method is suitable for USB modem mobile connections,such as 3G,
WiMAX, LTE, EVDO, EDGE, and GPRS. Currently, it only applies to connections made via the Balance’s
USB mobile WAN port, except in the case of the Balance 30 LTE, which includes a built-in 4G LTE
modem. For alist of supported modems, please refer to Peplink Modem Support page at
http://www.peplink.com/modem.
Mobile Internet Connection Settings
Enable
SelectYes to enable the connection.
Connection
Type
This setting specifies the utilization of the WAN connection.Always-on results in the WAN
connection beinge used whenever it is available. If Backup is selected, the WAN connection is
treated as a backup connection and is used only in the absence of an available always-on
WAN.The default and recommended connection type is Always-on.
Standby State
This option allows you to choose whether to remain connected or disconnect when this WAN
connection is no longer in the highest priority and has entered the standby state. When Remain
connected is chosen and this WAN connection is madeactive, the WAN connectionwill be
immediately available for use.
Idle
Disconnect
With this option enabled, an idle connection will be disconnected after a specified periodof time.
This time value specified is global and will affect all WAN profiles. The mobile connection will re-
establish on demand.
Reply to ICMP
Ping
If this field is disabled, the WAN connection will not respond to ICMP ping requests. By default,
this setting is enabled.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -79 / 227 - Copyright © Peplink
Operator
Settings
This setting applies to 3G/LTE/EDGE/GPRS modems only. It does not apply to EVDO/EVDO
Rev. A modems.
Operator Settingsallows you to configure the APN settings of your connection. If Auto is
selected, the Peplink Balance will automatically detect the APN, configure the modem, and make
a connection. You may change the APN settings by selecting Custom Mobile Operator
Settings.The default and recommended Operator Settingsvalue is Auto.The correct values can
be obtained from your mobile Internet service provider.
SIM PIN
(Optional)
This is an optional field which is only needed when there is SIM lock for your SIM card service.
DNS Servers
Each ISP may provide a set of DNS servers for DNS lookups. This field specifies the DNS
servers to be used when a DNS lookup is routed through this connection. You can input the ISP-
provided DNS server addresses into the DNS server 1 and DNS server 2 fields. If no address is
entered here, this link will not be used for DNS lookups.
Please refer to sections, , , and for details about WAN Health Check, Bandwidth Allowance Monitor,
Additional Public IP Settings, and Dynamic DNS Settings.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -80 / 227 - Copyright © Peplink
11.1.4.1 Modem Specific Custom Settings
The following settings may be available, depending on the modem model. The example below is for a 3G
modem.
Modem Specific Custom Settings
Modem Model
This field displays the manufacturer name of the connected mobile modem.
IMSI
This field shows the IMSI number
associated with the SIM inside the mobile modem.
Network Type
This setting allows you to define your preference forusing 3G and/or 2G networks. 3G
networks include HSPA/UMTS. 2G networks include EDGE/GPRS.
If 3G only or 2G only is chosen, only the HSPA/UMTS or EDGE/GPRS network will be
used, respectively. If the chosen network is not available, no other network will be
used, regardless of its availability. The modem connection will remain offline.
If 3G preferred or 2G preferred is chosen, the chosen network will be used when it is
available. If the chosen network is not available, the other network will be used
whenever available.
The default network type is 3G preferred.
GSM Frequency
Band
This setting allows you to specify which GSM frequency band willbe used.
GSM1900 is used in the United States, Canada, and many other countries in the
Americas.
GSM900 / GSM1800 / GSM2100 are used in Europe, the Middle East, Africa, Asia,
Oceania, and Brazil.
If All Bands is chosen, the appropriate frequency band will be used automatically.
The default GSM frequency band is All Bands.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -81 / 227 - Copyright © Peplink
11.1.4.2 WiMAX Settings
If a WiMAX modem is present in the system, its settings user interface can be accessed atNetwork >
Interfaces > WAN > Mobile Internet.
The example shown here relates to Sprint’s 250U or 600U WiMAX modems.
Modem Specific Custom Settings
Modem Model
The brand of the modem is automatically detected and appears here.
ESN
The modem's electronic serial number (ESN) is also auto-detected and appears here.
Network Type
This is to specify the network type (e.g., 3G or 4G) to be used with the modem.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -82 / 227 - Copyright © Peplink
11.2 Physical Interface Settings
Physical Interface Settings
Speed
This setting specifies port speed and duplex configurations of the WAN port.By default,
Auto is selected and the appropriate data speed is automatically detected by the Peplink
Balance.In the event of negotiation issues, the port speed can be manually specified to
circumvent the issues. You can also choose whether or not to advertise the speed to the
peer by selecting the Advertise Speed checkbox.
MTU
This setting specifies the maximum transmission unit.By default, MTU is set to Custom
1440.You may adjust the MTU value by editing the text field. Click Default to restore the
default MTU value. Select Auto and the appropriate MTU value will be automatically
detected.The auto-detection will run each time the WAN connection establishes.
MSS
This setting should be configured based on the maximum payload size that the local system
can handle. The MSS (maximum segment size) is computed by takingthe MTU and
subtracting40 bytes for TCP over IPv4.If MTU is set to Auto, MSS will also be set
automatically.By default, MSS is set to Auto.
MAC
Address
Clone
This setting allows you to configure the MAC address.Some service providers (e.g., cable
providers) identify the client’s MAC address and require the client to always use the same
MAC address to connect to the network. In such cases, change the WAN interface’s MAC
address to the original client PC’s MAC addressvia this field. The default MAC address is a
unique value assigned at the factory. In most cases, the default value is sufficient. Clicking
the Default button restores the MAC address to the default value.
VLAN
Some service providers require the router to enable VLAN tagging for Internet traffic. If it is
required by your service provider, you can enable this field and enter the
VLAN ID
that the
provider requires.
Note: leave this field disabled if you are not sure.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -83 / 227 - Copyright © Peplink
11.3 WAN Health Check
To ensure traffic is routed to healthy WAN connections only, the Peplink Balance canperiodically check
the health of each WAN connection.
Health Check settings for each WAN connection can be independently configured via Network >
Interfaces > WAN>Health Check Settings.
Enable Health Check by selecting PING, DNS Lookup, or HTTPfrom the Health Check Method drop-
down menu.
Health Check Settings
Method
This setting specifies the health check method for the WAN connection. Thisvalue can be
configured as Disabled, PING,or DNS Lookup. The default method is DNS Lookup.For
mobile Internet connections, the value of Method can be configured as Disabled or
SmartCheck.
Health Check Disabled
When
Disabled is chosen in the Method field, the WAN connection will always be considered as
up.The connection
will NOTbe treated as down in the event of IP routing errors.
Health Check Method: PING
ICMP
ping
packets will be issued to test the connectivity with a configurable target IP address or hostname. A WAN
connection is considered as up if pingresponses are received from either one or both of the pinghosts.
PING Hosts
This setting specifies IP addresses or hostnames with which connectivity is to be tested via
ICMP ping.If Use first two DNS servers as Ping Hosts is checked, the target pinghost will
be the first DNS server for the corresponding WAN connection.Reliable pinghosts with a
high uptime should be considered.By default, the first two DNS servers of the WAN
connection are used as the pinghosts.
Health Check Method: DNS Lookup
USER MANUAL
Peplink Balance Series
http://www.peplink.com -84 / 227 - Copyright © Peplink
DNS lookups will be issued to test connectivity with target DNS servers. The connection will be treated as up if DNS
responses are received from
one or both of the servers, regardless of whether the result was positive or
negative.
Health Check DNS
Servers
This field allows you to specify two DNS hosts’ IP addresses with which connectivity is to be
tested via DNS Lookup.
If Use first two DNS servers as Health Check DNS Servers is checked,the first two DNS
servers will be the DNS lookup targets for checking a connection's health. If the box is not
checked, Host 1 must be filled, whilea value for Host 2 is optional.
If Include public DNS servers is selected and no response is received from all specified
DNS servers, DNS lookups will also be issued to some public DNS servers. A WAN
connection will be treated as down only if there is also no response received from the public
DNS servers.
Connections will be considered as up if DNS responses are received from any one of the
health check DNS servers, regardless of a positive or negative result.By default, the first
two DNS servers of the WAN connection are used as the health check DNS servers.
Health Check Method: HTTP
HTTP connections will be issued to test the connectivity with configurable URLs and strings to match.
URL1
WAN Settings > WAN Edit > Health Check Settings >URL1
The URL will be retrieved when performing an HTTP health check. When String to Match
is left blank, a health check will pass if the HTTP return code is between 200 and 299
(Note: HTTP redirection codes 301 or 302 are treated as failures). When String to Match is
filled, a health check will pass if the HTTP return code is between 200 and 299 and if the
HTTP response content contains the string.
URL 2
WAN Settings > WAN Edit > Health Check Settings >
URL2
If
URL2 is also provided, a health check will pass if either one of the tests passed.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -85 / 227 - Copyright © Peplink
Other Health Check Settings
Timeout
This setting specifies the timeoutin secondsfor ping/DNS lookup requests.The default
timeout is set to 5 seconds.
Health Check
Interval
This setting specifies the time interval
in seconds
between ping or DNS lookup requests.
Default
health check interval is 5 seconds.
Health Check
Retries
This setting specifies the number of consecutive ping/DNS lookup timeouts after which the
Peplink Balance is to treat the corresponding WAN connection as down. Default health
retries is set to 3.Using the default Health Retries setting of 3, the corresponding WAN
connection will be treated as down after three consecutive timeouts.
Recovery Retries
This setting specifies the number of consecutive successful ping/DNS lookup responses
that must be received before the Peplink Balance treats a previously down WAN connection
as up again. By default, Recover Retriesis set to 3.Using the default setting, a WAN
connection that is treated as down will be considered as up again upon receiving
threeconsecutive successful ping/DNS lookup responses.
Note
If a WAN connection goes down, all of the WAN connections not set with a Connection Type of Always-onwill also
be brought up until any one of higher priority WAN connections is up and found to be healthy. This design could
increase overall network availability.
For example, if WAN1, WAN2, and WAN3 have the connection types of Always-on, Backup Priority Group 1, and
Backup Priority Group 2, respectively, when WAN1 goes down, WAN2 and WAN3 will try to connect. If WAN3 is
connected first, WAN2 will still be kept connecting. If WAN2 is connected, WAN3 will disconnect or abort making
connection.
Automatic Public DNS Server Check on DNS Test Failure
When the health check method is set to DNS Lookup and checks fail, the Balance will automatically perform DNS
lookups on some public DNS servers. If the testsare successful, the WAN may not be down but rather the target
DNS server malfunctioned. You will see the following warning message on the main page:
USER MANUAL
Peplink Balance Series
http://www.peplink.com -86 / 227 - Copyright © Peplink
11.4 Bandwidth Allowance Monitor
The Bandwidth Allowance Monitor helps track your network usage.Please refer to section to view usage
statistics.
Bandwidth Allowance Monitor
Action
If Email Notification is enabled, you will be notified byemail when usage hits 75% and 95%
of the monthly allowance.
If Disconnect when usage hits 100% of monthly allowance is checked, this WAN
connection will be disconnected automatically when the usage hits the monthly allowance.
It will not resume connection unless this option has been turned off or the usage has been
reset when a new billing cycle starts.
Start Day
This option allows you to define which day
ofthe month each billing cycle begins.
Monthly Allowance
This field is for defining the maximum bandwidth usage allowed for the WAN connection
each month.
Disclaimer
Due to different network protocol overheads and conversions, the amount of data as reported by this Peplink device
is not representative of actual billable data usage as metered by your network provider. Peplink disclaims any
obligation or responsibility for any events arising from the use of the numbers shown here.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -87 / 227 - Copyright © Peplink
11.5 Additional Public IP Settings
Additional Public IP Settings
IP Address List
IP Address List represents the list of fixed Internet IP addresses assigned by the ISP in the
event that more than one Internet IP addressis assigned to this WAN connection.Enter the
fixed Internet IP addresses and the corresponding subnet mask, and then click the Down
Arrow button to populate IP address entries to the IP Address List.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -88 / 227 - Copyright © Peplink
11.6 Dynamic DNS Settings
The Peplink Balance allows registeringdomain name relationships to dynamic DNS service providers.
Through registration with dynamic DNS service provider(s), the default public Internet IP address of each
WAN connection can be associated with a hostname. With dynamic DNS service enabled for a WAN
connection, you can connect to your WAN's IP address externally even if its IP address is dynamic. You
must register for an account from the listed dynamic DNS service providers before enabling this option.
If the WAN connection's IP address is a reserved private IP address (i.e., behind a NAT router), the public
IP of each WAN will be automatically reported to the DNS service provider.
Either upon a change in IP addresses or every 23 days without link reconnection, the Peplink Balance will
connect to the dynamic DNS service provider to update the provider’sIP address records.
The settings for dynamic DNS service provider(s) and the association of hostname(s) are configured via
Network > Interfaces > WAN > Dynamic DNS Settings.
If your desired provider is not listed, you may check with DNS-O-Matic. This service supports updating 30
other dynamic DNS service providers. (Note: Peplink is not affiliated with DNS-O-Matic.)
USER MANUAL
Peplink Balance Series
http://www.peplink.com -89 / 227 - Copyright © Peplink
Dynamic DNS Settings
Service Provider
This setting specifies the dynamic DNS service provider to be used for the WAN.
Supported providers are:
· changeip.com
· dyndns.org
· no-ip.org
· tzo.com
· DNS-O-Matic
Select Disabled to disable this feature.
User ID / User / Email
This setting specifies the registered user name for the dynamic DNS service.
Password / Pass / TZO
Key
This setting specifies the password for the dynamic DNS service.
Hosts / Domain
This setting specifies a list of hostnames or domains to be associated with the public
Internet IP address of the WAN connection.
Important Note
In order to use dynamic DNS services, appropriate hostname registration(s), as well as a valid account with a
supported dynamic DNS service provider, are required.
A dynamic DNS update is performed whenever a WAN’s IP address is changed,such as when an IP is changed
after a DHCP IP refresh orreconnection.
Due to dynamic DNS service providers’ policies, a dynamic DNS host expires automatically whenthe host record
has not beennot updated for a long time. Therefore, thePeplink Balance performs an update every 23 days,even if a
WAN’s IP address did not change.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -90 / 227 - Copyright © Peplink
12 Bandwidth Bonding SpeedFusionTM
(Available onthe Peplink Balance 210+)
Peplink BalanceBandwidth Bonding SpeedFusionTMfunctionality securely connectsone or more branch
offices to your company's main headquarters or to other branches. The data, voice, andvideo
communications between these locations are kept confidential across the public Internet.
The Bandwidth Bonding SpeedFusionTM of the Peplink Balance is specifically designed for multi-WAN
environments. The Peplink Balance canbond all WAN connections’ bandwidth for routingSpeedFusionTM
traffic. Unless all the WAN connections of one site are down, the Peplink Balance cankeep the VPN up
and running.Bandwidth Bonding is enabled by default.
12.1 SpeedFusionTMSettings
Peplink Balance 380, 580,710, 1350 and 2500 supportmaking multiple SpeedFusionTMconnections with a
remote Peplink Balance 210, 310, 380, 580, 710, 1350, 2500, or a Pepwave MAXmobile router.The
Peplink Balance 210 and 310 support making two SpeedFusionTMconnections with a remote Peplink
Balance 210, 310, 380, 580, 710, 1350, 2500, or a Pepwave MAX mobile router.
A Peplink Balance that supports multiple VPN connections can act as a central hub which connects
branch offices. For example, if branch office A and branch office B make VPN connections to
headquarters C, both branch office LAN subnetsand the subnets behind them(i.e., static routes) will also
be advertised to the headquarters C and the other branches.So branch office A will be able to access
branch office B via headquarters C in this case.
The local LAN subnet and subnets behind the LAN (defined under Static Route on the LAN settings
page) will be advertised to the VPN. All VPN members (branch offices and headquarters) will be able to
route to local subnets.
Note that all LAN subnets and the subnets behind themmust be unique. Otherwise, VPN members will
not be able to access each other.
All data can be routed over the VPN with 256-bit AES encryption standard.To configure this, navigate to
Network >SpeedFusionTM.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -91 / 227 - Copyright © Peplink
To configure a new SpeedFusionTM profile, navigate to Network >SpeedFusionTM>New Profile
This will open a page similar to the one as shown below:
USER MANUAL
Peplink Balance Series
http://www.peplink.com -92 / 227 - Copyright © Peplink
A list of definedSpeedFusionTMconnection profiles and aLink Failure Detection Time option will be
shown.Click the New Profile button to create a new VPN connection profile for making a VPN connection
to a remote Peplink Balance via the available WAN connections.Each profile is for making a VPN
connection with one remote Peplink Balance.
PepVPN Profile Settings
Name
This field is for specifying a name to represent this profile. The name can be any
combination of alphanumeric characters (0-9, A-Z, a-z), underscores (_), dashes (-), and/or
non-leading/trailing spaces ( ).
Active
When this box is
checked, this VPN connection profile
will be enabled. Otherwise, it will be
disabled.
SpeedFusion TM
This field indicates weather this device supports SpeedFusion or not.
Encryption
By default, VPN traffic is encrypted with
256-bit AES. If Off
is selected on both sides of a
VPN connection, no encryption will be applied.
Remote ID
To allow the Peplink Balance to establisha VPN connection with a specific remote peer
using a unique identifying number, enter the peer’sID or serial number here.
Authentication
Select from By Remote ID Only, Preshared Key, or X.509 to specify the method the
Peplink Balance will use to authenticate peers. When selecting By Remote ID Only, be
sure to enter a unique peer ID number in the Remote ID field.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -93 / 227 - Copyright © Peplink
Pre-
shared Key
This optional field becomes available when Pre-shared Key is selected as the Peplink
Balance’s VPN Authentication method, as explained above. Pre-shared Key defines the
pre-shared key used for this particular VPN connection. The VPN connection's session key
will be further protected by the pre-shared key. The connection will be up only if the pre-
shared keys on each side match.When the peer is running firmware 5.0+, this setting will
be ignored. If you would like to prevent the display of the pre-shared key, check Hide
Characters.
X.509
This optional field becomes available when X.509 is selected as the Peplink Balance’s
VPN authentication method, as explained above. To authenticate VPN connections using
X.509 certificates, copy and paste certificate details into this field. To get more information
on a listed X.509 certificate, click the Show Details link below the field.
NAT Mode
Check this box to allow the local DHCP server to assign an IP address to the remote peer.
When NAT Mode is enabled, all remote traffic over the
VPN will be tagged with the
assigned IP address using network address translation.
Remote
IP Address
/ Host Names
(Optional)
If NAT Mode is not enabled, you can enter a remote peer’s WAN IP address or
hostname(s) here. If the remote uses more than one address, enter only one of them here.
Multiple hostnames are allowed and can be separated by a space character or carriage
return. Dynamic-DNS host names are also accepted.
This field is optional. With this field filled, the Peplink Balance will initiate connection to
each of the remote IP addressesuntil it succeeds in making a connection. If the field is
empty, the Peplink Balance will wait for connection from the remote peer. Therefore, at
least one of the two VPN peers must specify this value. Otherwise, VPN connections
cannot be established.
Data Port
This field is used to specify a UDP port number for transporting outgoing VPN data. If
Default
is selected, UDP port 4500 will be used. Port 32015 will be used if the remote unit
uses Firmware prior to version 5.4 or if port 4500 is unavailable. If
Custom
is selected,
enter an outgoing port number from 1 to 65535.
Layer 2 BridgingA
To make this option visible, click the question mark icon appearing at the top right of the
PepVPN Profile settings section, and then click the displayed link.
When this check box is unchecked, traffic between local and remote networks will be IP
forwarded.To bridge the Ethernet network of an Ethernet port on a local and remote
network, select Layer 2 Bridging. When this check box is selected, the two networks will
become a single LAN, and any broadcast (e.g., ARP requests) or multicast traffic (e.g.,
Bonjour) will be sent over the VPN.
Bridge PortA
When Layer 2 bridging is enabled, this field specifies the port to be bridged to the remote
site.If you choose WAN, the selected WAN will be dedicated to bridging with the remote
site and will be disabled for WAN purposes. The LAN port will remain unchanged.
VLAN TaggingA
This field specifies the VLAN ID with which the VPN's traffic should be tagged before
sending the traffic to the bridge port. If no VLAN tagging is needed, select No VLAN. To
define a new VLAN ID, click More... and input the VLAN ID. VLAN IDs that are not
referenced by any VPN profiles will be removed from the list automatically. The default
value for this field isNo VLAN.
STPA
Checking this box enables spanning tree protocol, used to prevent loops in bridged
Ethernet LANs.
Preserve LAN
The LAN port is chosen as the bridge port. Selecting this option preserves LAN settings
USER MANUAL
Peplink Balance Series
http://www.peplink.com -94 / 227 - Copyright © Peplink
Settings Upon
ConnectedA
(e.g., LAN port IP address, DHCP server, etc.) when the Layer 2 VPN is connected.
Uncheck this option if the LAN IP address and gateway will use remote LAN settings.
Check this option if the LAN IP address and local DHCP server should remain unchanged
after the VPN is up.If you choose not to preserve LAN settings when the VPN is
connected, the device will not act as a router and most Layer 3 routing functions will cease
to work.
ConfigureA
This setting specifies how a management IP address is acquired for the bridge port in the
specified VLAN (if defined) when the Layer 2 bridge is connected. Choosing As None will
result in no IP address being assigned to the bridge port for the Layer 2 connection.
A - Advanced feature, please click the button on the top right hand corner to activate.
WAN Connection Priority
WAN Connection
Priority
These settings specify the priority of the WAN connections to be used in making VPN
bonding connections. A WAN connection will never be used when OFF is selected. Only
available WAN connections with the highest priority will be utilized.
To allow connection mapping to remote WANs. click the question mark icon found at the
top right of this section, and then click the displayed link to reveal the Connect to Remote
drop-down menu.
Send All Traffic To
This feature allows you to redirect all traffic to a specified PepVPN connection. Click the button to select your
connection and the following menu will appear:
You could also specify a DNS server to resolve incoming DNS requests
USER MANUAL
Peplink Balance Series
http://www.peplink.com -95 / 227 - Copyright © Peplink
Link Failure Detection
Link Failure
Detection Time
The bonded VPN can detect routing failures on the path between two sites over each WAN
connection. Failed WAN connections will not be used to route VPN traffic. Health check
packets are sent to the remote unit to detect any failure. The more frequently checks are
sendt, the shorter the detection time, althoughmore bandwidth will be consumed.
When Recommended (default) is selected, a health check packet is sent every five
seconds, and the expected detection time is 15 seconds.
When Fast is selected, a health check packet is sent every three seconds, and the
expected detection time is six seconds.
When Faster is selected, a health check packet is sent every second, and the expected
detection time is two seconds.
When Extreme is selected, a health check packet is sent every 0.1 second, and the
expected detection time is less than one second.
Important Note
Peplink proprietary SpeedFusionTM usesTCP port 32015 and UDP port 4500 for establishing VPN connections. If
you have a firewall in front of your Peplink Balance devices, you will need to add firewall rules for these ports and
protocols to allow inbound and outbound traffic to pass through the firewall.
Tip
Watch a video walkthrough of setting up a SpeedFusionTMVPN on our YouTube Channel!
http://youtu.be/xNaq13FWu_g
USER MANUAL
Peplink Balance Series
http://www.peplink.com -96 / 227 - Copyright © Peplink
12.2 The Peplink Balance Behind a NAT Router
The Peplink Balance supports establishing SpeedFusionTM over WAN connections which are behind a
NAT (network address translation) router.
To enable a WAN connection behind a NAT router to accept VPN connections, you can configure the
NAT router in front of the WAN connection to inbound port-forward TCP port 32015 to the Peplink
Balance.
If one or more WAN connections onUnit A can accept VPN connections (by means of port forwarding or
not) while none of the WAN connections on the peer Unit B can do so, you should enterall of Unit A’s
public IP addresses or hostnames into Unit B’sRemoteIP Addresses / Host Namesfield. Leave the field
in Unit A blank. With thissetting, a SpeedFusionTMconnection can be set up and all WAN connections on
both sides will be utilized.
See the following diagram for an example of this setup in use:
One of the WANs connected toBalance A is non-NAT’d (212.1.1.1). The rest of the WANs connected
toBalance A and all WANs connected toBalance B are NAT’d. In thiscase, the Peer IP Addresses / Host
Names field forBalance B should be filled with all of Balance A’s hostnames or public IP addresses (i.e.,
212.1.1.1, 212.2.2.2, and 212.3.3.3), and the field in Balance A can be left blank. The two NAT routers on
WAN1 and WAN3 connected to Balance A should inbound port-forward TCP port 32015 to Balance A so
that all WANs will be utilizedin establishing the VPN.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -97 / 227 - Copyright © Peplink
12.3 SpeedFusionTM Status
SpeedFusionTM Status is shown in the Dashboard. The connection status of each connection profile is
shownas below.
SpeedFusionTM connection status is also shown on the LCD panel of the Peplink Balance 380, 580, 710,
1350, and 2500.
After clicking the Details button at the topright corner of the SpeedFusionTM table, you will be forwarded
to Status >SpeedFusionTM, where you can view subnet and WAN connection information for each VPN
peer.Please refer to section for details.
IP Subnets Must Be Unique Among VPN Peers
The entire interconnected SpeedFusionTM network is asingle non-NAT IP network. Avoid duplicating subnets in
your sites to prevent connectivity problems when accessing those subnets.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -98 / 227 - Copyright © Peplink
13 IPsec VPN
Peplink Balance IPsec VPN functionality securely connects one or more branch offices to your company's
main headquarters or to other branches. Data, voice, andvideo communications between these locations
are kept safe and confidential across the public Internet.
IPsecVPN onthe Peplink Balance is specially designed for multi-WAN environments. For instance, if a
user sets up multiple IPsec profiles for his multi-WAN environment and WAN1 is connected and healthy,
IPsec traffic will go through this link. However, should unforeseen problems (e.g.,unplugged cables or ISP
problems) cause WAN1 to go down, our IPsec implementation will make use of WAN2 and WAN3 for
failover.
13.1 IPsec VPN Settings
All Peplink products can makemultiple IPsec VPN connections with Peplink routers, as well as Cisco
andJuniper routers.
Note that all LAN subnets and the subnets behind themmust be unique. Otherwise, VPN members will
not be able to access each other.
All data can be routed over the VPN with a selection of encryption standards, such as 3DES, AES-128,
and AES-256.
To configure, navigate to Network >IPsec VPN.
A NAT-Traversal option and list of definedIPsecVPNprofiles will be shown.
NAT-Traversalshould be enabled if your system is behind a NAT router.
Click the NewConnection button to create new IPsec VPN profiles that make VPN connections to remote
Peplink Balance, Cisco, or Juniper Routers via available WAN connections. To edit any of the profiles,
click on its associated connection name in the leftmost column.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -99 / 227 - Copyright © Peplink
IPsec VPN Settings
Name
This field is for specifying a local name to represent this connection profile.
Active
When this box is checked, this IPsec VPN connection profile will be enabled.
Otherwise, it will be disabled.
Remote Gateway IP
Address
Enter the remote peer’s public
IP address.For Aggressive Mode, this is optional.
Local Networks
Enter the local LAN subnets here. If you have defined static routes, they will be shown
here.
Remote Networks
Enter the LAN and subnets that are located at the remote site here.
Authentication
To access your VPN, clients will need to authenticate by your choice of methods.
USER MANUAL
Peplink Balance Series
http://www.peplink.com -100 / 227 - Copyright © Peplink
Choose between the Preshared Key and X.509 methods of authentication.
Mode
Choose Main Mode if both IPsec peers use static IP addresses.
Choose Aggressive Mode if one of the IPsec peers uses dynamic IP addresses.
Force UDP
Encapsulation
For
forced UDP encapsulation regardless of NAT-traversal, tick this checkbox.
Pre-
shared Key
This defines the peer authentication pre-shared key used to authenticate this VPN
connection. The connection will be up only if the pre-shared keys on each side match.
Local ID
InMain Mode, this field can be left blank.
InAggressive Mode, if Remote Gateway IP Addressis filled on this end and the peer
end, this field can be left blank. Otherwise, this field is typically a U-FQDN.
Remote ID
InMain Mode, this field can be left blank.
InAggressive Mode, if Remote Gateway IP Addressis filled on this end and the peer
end, this field can be left blank. Otherwise, this field is typically a U-FQDN.
Phase 1 (IKE)
Proposal
InMain Mode, this allows setting up to sixencryption standards, in descending order of
priority, to be used in initial connection key negotiations.
InAggressive Mode, only one selection is permitted.
Phase 1
DH Group
This is the Diffie-Hellman group used within IKE. This allows two parties to establish a
shared secret over an insecure communications channel. The larger the group
number, the higher the security.
Group 2 - 1024-bit is the default value.
Group 5 - 1536-bit is the alternative option.
Phase 1 SA Lifetime
This setting specifies the lifetime limit of this Phase 1 Security Association. By default,
it is set at 3600 seconds.
Phase 2 (ESP)
Proposal
InMain Mode, this allows setting up to sixencryption standards, in descending order of
priority, to be used for the IP data that is being transferred.
InAggressive Mode, only one selection is permitted.
Phase 2 PFS Group
Perfect forward secrecy (PFS) ensures that if a key was compromised, the attacker will
be able to access only the data protected by that key.
None - Do not request for PFS when initiating connection. However, since there is no
valid reason to refuse PFS, the system will allow the connection to use PFS if
requested by the remote peer. This is the default value.
Group 2 - 1024-bit Diffie-Hellman group. The larger the group number, the higher the
security.
Group 5 - 1536-bit is the third option.
Phase 2 SA Lifetime
This setting specifies the lifetime limit of this Phase 2 Security Association. By default,
it is set at 28800 seconds.