Help setting up a site-to-site VPN with VTI

Hi all,

I need to set up a route-based site-to-site VPN from my ZyWall 310 with a supplier company so they can provide some services to us. This is not my skill area so I'm feeling my way and looking for some help!

The supplier has sent me details and it will be connecting to Azure so I have been using the guide here How to Configure Route-based IPsec VPN to Azure (VTI over IKEv2/IPSec) — Zyxel Community .

The supplier has sent me these details - a public IP address for the gateway, a remote subnet 10.x.x.x/24 and a pre-shared key.

I think I've done the VPN Gateway and VPN Connection setup OK but I am now at Step 3 in the ZyWall instructions (Create VTI Interface) and have hit a snag - I am not sure what I should put in the IP Address and Subnet Mask boxes. I assumed it should be the remote subnet sent to me by the third party but when I do that it is not accepted and I get a message saying "Tunnel address setting cannot be the same as sub-network address".

I don't understand that as I have not, to my knowledge, used that address anywhere else. Am I using the wrong thing? Can anyone help please?


All Replies

  • Zyxel_James
    Zyxel_James Posts: 626  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hello @SMarkG
    The device will automatically detect if the VTI IP/Mask is in conflict with any local subnet. Actually, you can change it to any other IP/Mask as long as it's not in conflict with any local subnet, not change it to the remote subnet.


Security Highlight