How do I enable SNAT for Site2Site IPsec VPN in Nebula

Rix
Rix Posts: 18
First Comment Friend Collector
 Freshman Member
edited November 5 in Nebula
This is USG Flex 200. I found instructions for stand-alone here,but cannot find how to do it in Nebula. It is a necessary feature for the environment.  https://mysupport.zyxel.com/hc/en-us/articles/360003321659--ZyWALL-USG-How-to-configure-VPN-SNAT-on-Zyxel-gateways

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 958
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
     Guru Member
    Hi @Rix,
    If all USG FLEX devices are managed by nebula, nebula control center will assign different IP subnets for different sites. Hence, you don't need SNAT for site to site IPSec VPN because there is no IP subnet conflict issue. Do you need SNAT feature for Non-Nebula VPN peers?
  • Rix
    Rix Posts: 18
    First Comment Friend Collector
     Freshman Member
    Yes. It is non Nebula. I talked to support, not available at this time. Have to factory default and set up in native mode.  Or I can change local subnet, or use Lan2 and 2nd Nic in server. 

Nebula Tips & Tricks