VPN site-to-site from Nebula device to another ORG

GiuseppeR

Hello everyone,

I have some needs when I need to send all the traffic from a Nebula device to another ORG:

1. I need to set a VPN from Nebula to another site (Nebula or not…).
2. I need to set NAT Traversal in Non-Nebula VPN parameters
3. I need to establish a full tunnel VPN

I have different devices, security routers and firewalls, but it seems to me that there are some missing options (except newest FlexH series…).

FlexH have some more pages on Nebula like this one:

1. Let me come back to my problem: take SCR50AXE for example.

I found this:

https://community.zyxel.com/en/discussion/28942/how-to-config-nebula-vpn-for-scr-50axe

and this:

https://support.zyxel.eu/hc/it/articles/15366638605714-SCR50AXE-Router-sicuro-gestito-dal-cloud-Configurazione-in-Nebula-e-Guida-introduttiva#h_01HG8FKQCTA7RRXNMTXDQWFFVV

So I went here:

And I see this section where it seems that I can start a VPN to another site:

2. But here I cannot tell Nebula that VPN has to go via NAT Traversal, because I have other router in front of Nebula device.

Nebula device is in a DMZ, but to establish a VPN I have to declare that somewhere like I did when using VPN Orchestrator :

Is there something that I'm missing?

3. A part from FlexH:

it seems that I cannot route all the traffic from a Nebula device to another site VPN.

Please tell me if I did not find some Zyxel documentation regarding this request

Zyxel_Melen

Hi @GiuseppeR

Sorry for the wait.

1. None Nebula VPN (which is called auto-link VPN) doesn't support NAT-Traversal. So, you will need to set the port forwarding for these protocols UDP 500 & 4500 on the uplink router.
2. The NAT-Traversal is only for Nebula VPN scenario.
3. May I know the scope of the all traffic? All LAN's traffic? Or also device's traffic?