[NEBULA] How to establish Site to Site IPSec VPN between Nebula Devices (NSGs) ?

Nebula_CSO
Nebula_CSO Posts: 161  Zyxel Employee
edited August 3 in Nebula Security Gateway
Prerequisite:
LAN (Private subnet) Networks cannot overlap between each site

Scenario 1 : Setup site to site VPN between Nebula devices (eg: NSG100 and NSG200) under the same organization
zhsmvmzfe05x.jpg


Configure Site to Site IPSec VPN on NSG200 in NSG200 site
1. Security gateway > Configure > Site-to-Site VPN
zt2xymn17rnb.jpg


2. Select Outgoing interface and toggle on LAN1
1v93mv1y81wg.jpg


3. Toggle on Nebula VPN enable, select Site-to-Site for Nebula VPN topology and save configuration
wcjoqbhtvz81.jpg


Configure Site to Site IPSec VPN on NSG100 in test Jason NSG100 site
4. Security gateway > Configure > Site-to-Site VPN
oauyxybaqjob.jpg


5. Select Outgoing interface and toggle on LAN1
a9rc3uuzp3m7.jpg


6. Toggle on Nebula VPN enable, select Site-to-Site for Nebula VPN topology and save configuration
2zv0v3fdmdbg.jpg


7. Result of VPN IPsec Connection between Nebula Devices under same organization
  • VPN Site to Site Connect will take 5 minutes to take effect after correct configuration
  • Security gateway > Monitor > VPN connection in NSG200 Site
r7tlbkgrsazv.jpg
  • Security gateway > Monitor > VPN connection test Jason NSG100 Site
6g9bsamunwbf.jpg


Scenario 2 : Setup site to site VPN between Nebula devices under the different organizations
Please refer to this post.