Site-to-Site VPN Issues after Internet Connection Change

GGSD_IT

We have a problem in our company with the Nebula Cloud that is driving us crazy. We have 17 locations that are connected via Site-to-Site VPN (Hub-and-Spoke topology), or rather, were connected. When the peers try to connect to the hub, the VPN tunnel simply collapses in Phase 1. Nothing has changed with the ISP, the necessary ports are still open.

I have already replaced the firewall that serves as the hub. I have deactivated all Site-to-Site VPN settings and tried to set up a new network, without success. I am at a loss.

The only connection that could have caused the problems is a change in the internet connection at one of the locations. Exactly at the time when I reconfigured the gateway at one location from one internet connection to another, all VPN tunnels collapsed. Can a change in the public IP at one of the peers cause the entire VPN network to collapse? Strangely, locations that were not previously part of the VPN network can be added cleanly and establish a connection. Only the existing locations that were connected at the time of the change refuse to establish a tunnel.

Is there anything I can do to get the locations to reconnect?

Thanks for help!

Zyxel_Judy

Hi @GGSD_IT ,

To better support you, could you please share the following information:

• Which firewalls (hub) were used before and after the replacement? Tell us the organization and site name as well.
• Which firewall (spoke) had its internet connection changed, causing all VPN tunnels to collapse? Tell us the organization and site name as well.
• Are all 17 locations using Zyxel firewalls within the same Nebula organization?

By the way, please follow the instruction to enable Zyxel support for our checking.