Help setting up a site-to-site VPN with VTI
Freshman Member
Hi all,
I need to set up a route-based site-to-site VPN from my ZyWall 310 with a supplier company so they can provide some services to us. This is not my skill area so I'm feeling my way and looking for some help!
The supplier has sent me details and it will be connecting to Azure so I have been using the guide here How to Configure Route-based IPsec VPN to Azure (VTI over IKEv2/IPSec) — Zyxel Community .
The supplier has sent me these details - a public IP address for the gateway, a remote subnet 10.x.x.x/24 and a pre-shared key.
I think I've done the VPN Gateway and VPN Connection setup OK but I am now at Step 3 in the ZyWall instructions (Create VTI Interface) and have hit a snag - I am not sure what I should put in the IP Address and Subnet Mask boxes. I assumed it should be the remote subnet sent to me by the third party but when I do that it is not accepted and I get a message saying "Tunnel address setting cannot be the same as sub-network address".
I don't understand that as I have not, to my knowledge, used that address anywhere else. Am I using the wrong thing? Can anyone help please?
Thanks.
I need to set up a route-based site-to-site VPN from my ZyWall 310 with a supplier company so they can provide some services to us. This is not my skill area so I'm feeling my way and looking for some help!
The supplier has sent me details and it will be connecting to Azure so I have been using the guide here How to Configure Route-based IPsec VPN to Azure (VTI over IKEv2/IPSec) — Zyxel Community .
The supplier has sent me these details - a public IP address for the gateway, a remote subnet 10.x.x.x/24 and a pre-shared key.
I think I've done the VPN Gateway and VPN Connection setup OK but I am now at Step 3 in the ZyWall instructions (Create VTI Interface) and have hit a snag - I am not sure what I should put in the IP Address and Subnet Mask boxes. I assumed it should be the remote subnet sent to me by the third party but when I do that it is not accepted and I get a message saying "Tunnel address setting cannot be the same as sub-network address".
I don't understand that as I have not, to my knowledge, used that address anywhere else. Am I using the wrong thing? Can anyone help please?
Thanks.
0
All Replies
-
Hello @SMarkGThe device will automatically detect if the VTI IP/Mask is in conflict with any local subnet. Actually, you can change it to any other IP/Mask as long as it's not in conflict with any local subnet, not change it to the remote subnet.James1
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
