User's Manual

USER MANUAL
Peplink Balance Series
http://www.peplink.com -93 / 227 - Copyright © Peplink
Pre-
shared Key
This optional field becomes available when Pre-shared Key is selected as the Peplink
Balance’s VPN Authentication method, as explained above. Pre-shared Key defines the
pre-shared key used for this particular VPN connection. The VPN connection's session key
will be further protected by the pre-shared key. The connection will be up only if the pre-
shared keys on each side match.When the peer is running firmware 5.0+, this setting will
be ignored. If you would like to prevent the display of the pre-shared key, check Hide
Characters.
X.509
This optional field becomes available when X.509 is selected as the Peplink Balance’s
VPN authentication method, as explained above. To authenticate VPN connections using
X.509 certificates, copy and paste certificate details into this field. To get more information
on a listed X.509 certificate, click the Show Details link below the field.
NAT Mode
Check this box to allow the local DHCP server to assign an IP address to the remote peer.
When NAT Mode is enabled, all remote traffic over the
VPN will be tagged with the
assigned IP address using network address translation.
Remote
IP Address
/ Host Names
(Optional)
If NAT Mode is not enabled, you can enter a remote peer’s WAN IP address or
hostname(s) here. If the remote uses more than one address, enter only one of them here.
Multiple hostnames are allowed and can be separated by a space character or carriage
return. Dynamic-DNS host names are also accepted.
This field is optional. With this field filled, the Peplink Balance will initiate connection to
each of the remote IP addressesuntil it succeeds in making a connection. If the field is
empty, the Peplink Balance will wait for connection from the remote peer. Therefore, at
least one of the two VPN peers must specify this value. Otherwise, VPN connections
cannot be established.
Data Port
This field is used to specify a UDP port number for transporting outgoing VPN data. If
Default
is selected, UDP port 4500 will be used. Port 32015 will be used if the remote unit
uses Firmware prior to version 5.4 or if port 4500 is unavailable. If
Custom
is selected,
enter an outgoing port number from 1 to 65535.
Layer 2 Bridging
A
To make this option visible, click the question mark icon appearing at the top right of the
PepVPN Profile settings section, and then click the displayed link.
When this check box is unchecked, traffic between local and remote networks will be IP
forwarded.To bridge the Ethernet network of an Ethernet port on a local and remote
network, select Layer 2 Bridging. When this check box is selected, the two networks will
become a single LAN, and any broadcast (e.g., ARP requests) or multicast traffic (e.g.,
Bonjour) will be sent over the VPN.
Bridge Port
A
When Layer 2 bridging is enabled, this field specifies the port to be bridged to the remote
site.If you choose WAN, the selected WAN will be dedicated to bridging with the remote
site and will be disabled for WAN purposes. The LAN port will remain unchanged.
VLAN Tagging
A
This field specifies the VLAN ID with which the VPN's traffic should be tagged before
sending the traffic to the bridge port. If no VLAN tagging is needed, select No VLAN. To
define a new VLAN ID, click More... and input the VLAN ID. VLAN IDs that are not
referenced by any VPN profiles will be removed from the list automatically. The default
value for this field isNo VLAN.
STP
A
Checking this box enables spanning tree protocol, used to prevent loops in bridged
Ethernet LANs.
Preserve LAN
The LAN port is chosen as the bridge port. Selecting this option preserves LAN settings