[NEBULA] How to establish Site to Site IPSec VPN between Nebula Devices (NSGs) ?

Zyxel_CSO

Prerequisite:
LAN (Private subnet) Networks cannot overlap between each site

Scenario 1 : Setup site to site VPN between Nebula devices (eg: NSG100 and NSG200) under the same organization



Configure Site to Site IPSec VPN on NSG200 in NSG200 site
1. Configure > Security gateway > Site-to-Site VPN


2. Select Outgoing interface and toggle on LAN1




3. Toggle on Nebula VPN enable, select Site-to-Site for Nebula VPN topology and save configuration



Configure Site to Site IPSec VPN on NSG100 in test Jason NSG100 site
4. Configure > Security gateway > Site-to-Site VPN


5. Select Outgoing interface and toggle on LAN1




6. Toggle on Nebula VPN enable, select Site-to-Site for Nebula VPN topology and save configuration



7. Result of VPN IPsec Connection between Nebula Devices under same organization

• VPN Site to Site Connect will take 5 minutes to take effect after correct configuration
• Monitor > Security gateway > VPN connection in NSG200 Site

• Monitor > Security gateway > VPN connection test Jason NSG100 Site

Scenario 2 : Setup site to site VPN between Nebula devices under the different organizations
Please refer to this post.