The Auto-Link VPN scenario

Scenario:
When establishing a VPN with a third-party gateway (such as Check Point or Fortigate), you need to use auto-link VPN (previously called non-nebula VPN).
After you complete the connection using the default profile, the Phase 2 Local Policy contains only the first subnet, which may cause traffic from other subnets to be blocked.
For example:
In this case, the Local Policy is set only to "192.168.1.0/24".
But you may also need to carry traffic from other subnets, such as 192.168.3.0/24.
Answer:
We recommend using a route-based VPN on Nebula.
1) Change the IPSec Policy to "Custom" and assign the VPN tunnel interface.
In this case, the Local Policy will be "0.0.0.0/0". The firewall will allow other subnets into the tunnel after you complete the routing setup in the next step.
2) Click Routing and set the correct Policy Route.
For example:
Source Address: 192.168.3.0/24
Destination Address: Peer Subnet
Next-hop: VPN profile
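
The following is an added example, not part of the original article and not Zyxel code: a simplified Python model of the two setups above, showing which source addresses reach the tunnel. The peer subnet 10.10.0.0/16, the unrouted subnet 192.168.5.0/24 and the host addresses are constructed values, and the function names are hypothetical.

```python
import ipaddress

PEER_SUBNET = "10.10.0.0/16"   # constructed placeholder for "Peer Subnet"
VPN_PROFILE = "VPN profile"    # next-hop label as written in the article

# The policy route from step 2 of the article.
POLICY_ROUTES = [
    {"source": "192.168.3.0/24", "destination": PEER_SUBNET,
     "next_hop": VPN_PROFILE},
]

def in_net(addr, net):
    """True if the host address lies inside the given network."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def default_profile_allows(local_policy, remote_policy, src, dst):
    """Default profile: the Phase 2 selectors alone decide what is carried."""
    return in_net(src, local_policy) and in_net(dst, remote_policy)

def route_based_allows(local_policy, routes, src, dst):
    """Route-based: a policy route must point at the VPN profile, and the
    Phase 2 Local Policy must still cover the source address."""
    for route in routes:  # assumption: first matching route wins
        if in_net(src, route["source"]) and in_net(dst, route["destination"]):
            return (route["next_hop"] == VPN_PROFILE
                    and in_net(src, local_policy))
    return False  # no policy route: traffic never reaches the tunnel

def evaluate():
    """Run the article's scenario and return the decision for each case."""
    dst = "10.10.0.5"  # constructed host in the peer subnet
    return {
        # Default profile: only the first subnet is in the Local Policy.
        "default_192.168.1.10": default_profile_allows(
            "192.168.1.0/24", PEER_SUBNET, "192.168.1.10", dst),
        "default_192.168.3.10": default_profile_allows(
            "192.168.1.0/24", PEER_SUBNET, "192.168.3.10", dst),
        # Route-based: Local Policy 0.0.0.0/0 plus the policy route.
        "routed_192.168.3.10": route_based_allows(
            "0.0.0.0/0", POLICY_ROUTES, "192.168.3.10", dst),
        # A subnet with no policy route stays out despite 0.0.0.0/0.
        "routed_192.168.5.10": route_based_allows(
            "0.0.0.0/0", POLICY_ROUTES, "192.168.5.10", dst),
    }

if __name__ == "__main__":
    for case, allowed in evaluate().items():
        print(f"{case}: {'tunnel' if allowed else 'not in tunnel'}")
```

In this model the "0.0.0.0/0" Local Policy does not by itself send every subnet into the tunnel; the policy routes decide which sources are carried, so they are the place to keep the scope narrow.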