How to configure site to site VPN with multiple subnets between ZLD and uOS using route-based?
This example shows how to use the VPN Setup Wizard to create a site-to-site VPN with the Peer gateway is ZLD device using route-based VPN. And there are multiple subnets can commuicate each other
The example instructs how to configure the VPN tunnel between each site. When the VPN tunnel is configured, each site can be accessed securely.
Set up IPSec VPN Tunnel for uOS
VPN > IPSec VPN > Site to Site VPN > Configuration > Add to access configuration page
VPN > IPSec VPN > Site to Site VPN > Scenario
Type the VPN name used to identify this VPN connection. Select the type to the Site-to-Site. Click Next
.
VPN > IPSec VPN > Site to Site VPN > Scenario > Network
Configure My Address and Peer Gateway Address. Click Next.
VPN > IPSec VPN > Site to Site VPN > Scenario > Network > Authentication
Type a secure Pre-Shared Key. Click Next
VPN > IPSec VPN > Site to Site VPN > Scenario > Network > Authentication > Policy & Routing
Set "Route-Based" Type and define the one Remote Subnet. And change the VTI address as you want.
VPN > IPSec VPN > Site to Site VPN > Scenario > Network > Authentication > Policy & Routing > Summary
The screen provides a summary of the VPN tunnel. You can Edit it if you want to modify.
Object > Address > Address Group
Create an Address Group and add Peer Subnets 192.168.1.0/24 , 192.168.2.0/24
Network > Routing > Policy Route
The static route will be added automatically, We take policy route as an example
Enforce source from 192.168.168.0/24 192.168.169.0/24 to PeerGroup through VTI
Set up IPSec VPN Tunnel for ZLD
VPN > IPSec VPN > VPN Gateway
Select the WAN interface and type the Peer Gateway Address.
Type Pre-shared Key. The default proposal which created by wizard is
“Encryption:AES128, Authentication:SHA1, Key Group:DH2”. Those are the same as uOS.
VPN > IPSec VPN > VPN Connection
Select VPN Gateway as "VPN Tunnel Interface" and select the correct phase1 profile
The default proposal which created by wizard is
“Encryption:AES128, Authentication:SHA1, Key Group:DH2”. Those are the same as uOS.
Network > Interface > VTI
Create VTI interface and assign vpn-rule of route based
Object > Address/Geo IP > Address Group
Create an Address Group and add Peer Subnets 192.168.168.0/24 , 192.168.169.0/24
Network > Routing > Policy Route
Enforce source from 192.168.1.0/24 192.168.2.0/24 to PeerGroup through VTI
Test IPSec VPN Tunnel
Go to VPN Status > IPSec VPN
Verify the IPSec VPN status
Test ping to 192.168.1.0/24 from uOS site
Test ping to 192.168.2.0/24 from uOS site
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight