How to establish Hub and Spoke VPN between Nebula Devices (USG FLEX & NSG)?

Zyxel_Adam · September 2021

In the Hub-and-Spoke VPN topology, there is a VPN connection between each spoke router and the hub router, which uses the VPN concentrator. The VPN concentrator routes VPN traffic between the spoke routers and itself.

Scenario: Setup Hub and Spoke VPN between USG FLEX and NSG devices under the same organization.

1. Configure Hub and Spoke VPN on devices.
(Refer to USG FLEX on the left and NSG on the right.)

Image: https://us.v-cdn.net/6029482/uploads/editor/3g/7aqb0h12gh95.png

2. Select correct outgoing interface and toggle "Use VPN" on local interface that needs to be added to VPN tunnel.

Image: https://us.v-cdn.net/6029482/uploads/editor/8r/jmsn08j62yza.png

3. Enable Nebula VPN and choose Hub-and-Spoke for Nebula VPN topology.

Image: https://us.v-cdn.net/6029482/uploads/editor/me/9tlwrrqa22ly.png

(If you would not like to establish a VPN tunnel between spokes, keep it as disabled.)

4. Repeat step 1 to step 3 for all sites.

5. Check VPN connection result on Hub and spokes.

Site: USG FLEX 100W

Image: https://us.v-cdn.net/6029482/uploads/editor/9o/mt9gjsjfifzz.png

Site: NSG50

Site: NSG50_2

Image: https://us.v-cdn.net/6029482/uploads/editor/o1/v4qf8vbhxozg.png

Note: If you would like to build a Site to Site VPN in different organizations, please refer to this post.

How to establish Hub and Spoke VPN between Nebula Devices (USG FLEX & NSG)?

Categories