The Auto-Link VPN scenario






Scenario:
When establishing a VPN with a third-party gateway (such as Check Point or Fortigate), you need to use auto-link VPN (previously called non-nebula VPN).
After you complete the connection using the default profile, the Phase 2 Local Policy contains only the first subnet, so traffic from other subnets may be blocked.
For example:
In this case, the Local Policy is set only to "192.168.1.0/24",
but you may also need to carry traffic from other subnets, such as 192.168.3.0/24.
Answer:
We recommend using a route-based VPN on Nebula.
1) Change the IPSec Policy to "Custom" and assign the VPN tunnel interface.
In this case, the Local Policy will be "0.0.0.0/0". The firewall will allow other subnets into the tunnel once you complete the routing setup in the next step.
2) Click Routing and set the correct Policy Route.
For example:
Source Address: 192.168.3.0/24
Destination Address: Peer Subnet
Next-hop: VPN profile
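
A simplified model of the behaviour described above, as an added example that is not Zyxel's code or part of the original article: it checks a packet against a first-match policy route table and then against the Phase 2 Local/Remote Policy. The peer subnet 10.10.0.0/16, the extra subnet 192.168.5.0/24, the Remote Policy value and all function names are assumptions made for illustration.

```python
import ipaddress

PEER_SUBNET = "10.10.0.0/16"       # constructed stand-in for "Peer Subnet"
DEFAULT_LOCAL = "192.168.1.0/24"   # default profile: first subnet only
ROUTE_BASED_LOCAL = "0.0.0.0/0"    # Local Policy after switching to "Custom"

# (source, destination, next-hop) policy routes, first match wins (assumed model)
ROUTES = [
    ("192.168.1.0/24", PEER_SUBNET, "VPN profile"),
    ("192.168.3.0/24", PEER_SUBNET, "VPN profile"),
]


def in_net(addr, net):
    """True if the IP address falls inside the CIDR network."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def selector_allows(local_policy, remote_policy, src, dst):
    """Phase 2 check: source must fit Local Policy, destination Remote Policy."""
    return in_net(src, local_policy) and in_net(dst, remote_policy)


def routed_to_vpn(policy_routes, src, dst):
    """First-match policy route lookup; True if the next-hop is the VPN."""
    for source, destination, hop in policy_routes:
        if in_net(src, source) and in_net(dst, destination):
            return hop == "VPN profile"
    return False


def tunnel_decision(local_policy, remote_policy, policy_routes, src, dst):
    """Combine routing and the Phase 2 selector into one verdict."""
    if not routed_to_vpn(policy_routes, src, dst):
        return "no policy route into the tunnel"
    if not selector_allows(local_policy, remote_policy, src, dst):
        return "blocked: outside Phase 2 Local/Remote Policy"
    return "sent through the tunnel"


if __name__ == "__main__":
    peer_host = "10.10.0.5"  # constructed host inside the peer subnet
    for label, local in (("default", DEFAULT_LOCAL), ("route-based", ROUTE_BASED_LOCAL)):
        for src in ("192.168.1.10", "192.168.3.10", "192.168.5.10"):
            verdict = tunnel_decision(local, PEER_SUBNET, ROUTES, src, peer_host)
            print(f"{label:12} {src:14} -> {verdict}")
```

In this model, once the Local Policy is 0.0.0.0/0 the policy routes alone decide which subnets enter the tunnel, so 192.168.5.0/24 stays out until a route is added for it.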