Help setting up a site-to-site VPN with VTI
Options
Hi all,
I need to set up a route-based site-to-site VPN from my ZyWall 310 with a supplier company so they can provide some services to us. This is not my skill area so I'm feeling my way and looking for some help!
The supplier has sent me details and it will be connecting to Azure so I have been using the guide here How to Configure Route-based IPsec VPN to Azure (VTI over IKEv2/IPSec) — Zyxel Community .
The supplier has sent me these details - a public IP address for the gateway, a remote subnet 10.x.x.x/24 and a pre-shared key.
I think I've done the VPN Gateway and VPN Connection setup OK but I am now at Step 3 in the ZyWall instructions (Create VTI Interface) and have hit a snag - I am not sure what I should put in the IP Address and Subnet Mask boxes. I assumed it should be the remote subnet sent to me by the third party but when I do that it is not accepted and I get a message saying "Tunnel address setting cannot be the same as sub-network address".
I don't understand that as I have not, to my knowledge, used that address anywhere else. Am I using the wrong thing? Can anyone help please?
Thanks.
I need to set up a route-based site-to-site VPN from my ZyWall 310 with a supplier company so they can provide some services to us. This is not my skill area so I'm feeling my way and looking for some help!
The supplier has sent me details and it will be connecting to Azure so I have been using the guide here How to Configure Route-based IPsec VPN to Azure (VTI over IKEv2/IPSec) — Zyxel Community .
The supplier has sent me these details - a public IP address for the gateway, a remote subnet 10.x.x.x/24 and a pre-shared key.
I think I've done the VPN Gateway and VPN Connection setup OK but I am now at Step 3 in the ZyWall instructions (Create VTI Interface) and have hit a snag - I am not sure what I should put in the IP Address and Subnet Mask boxes. I assumed it should be the remote subnet sent to me by the third party but when I do that it is not accepted and I get a message saying "Tunnel address setting cannot be the same as sub-network address".
I don't understand that as I have not, to my knowledge, used that address anywhere else. Am I using the wrong thing? Can anyone help please?
Thanks.
0
All Replies
-
Hello @SMarkGThe device will automatically detect if the VTI IP/Mask is in conflict with any local subnet. Actually, you can change it to any other IP/Mask as long as it's not in conflict with any local subnet, not change it to the remote subnet.James0
Zyxel Employee
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 74 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 333 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 198 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
