Nebula USG FLEX 100H remote access VPN

MarkoK

The customer has several offices that are connected with USG FLEX 100H firewalls via Nebula.
We would like to set up a remote access VPN (IKEv2, Windows native client) through which we could also access the other offices. This probably requires a policy route, but I haven't gotten it to work properly.
Could I get instructions for this?

All Replies

  • Zyxel_Melen
    Zyxel Employee

    Hi @MarkoK

    To better help you with this requirement, could you share the current VPN settings between each site?

    Are you using Nebula SD-VPN? Or?

    Zyxel Melen


  • MarkoK

    Are you using Nebula SD-VPN?

    Nebula SD-VPN is used.

    Remote access VPN, full tunnel

    Side A LAN: 192.168.200.1

    Side B LAN: 192.168.150.1

    Remote access VPN IP pool: 10.10.12.0/24

    Remote access connects to side A, and I want it to also be able to connect to the side B LAN.

  • MarkoK

    Update:

    The remote access connection works to side A, but it cannot connect to side B.

  • Zyxel_Melen
    Zyxel Employee

    Hi @MarkoK

    You need to set up a static route on side B, so that the side B firewall knows where it should send packets back to the remote access VPN client.

    Here are the setup steps (side A uses test#1 as an example, side B uses test#2 as an example):

    1. Navigate to Nebula side B > Menu > Monitor > Firewall > VPN connection. Find the VTI IP of side A.
      [screenshot]
    2. Navigate to Menu > Site-wide > Configure > Firewall > Routing. Add the static routing rule like below.
      [screenshot]
    3. Connect the remote access VPN and ping side B. The test should succeed.
      [screenshot]

    Hope this helps.

    Zyxel Melen
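
The return-path problem behind this answer, as an added example that is not part of the original posts and not Zyxel code: a small Python model of side B's routing table, showing that without the static route, replies to the 10.10.12.0/24 pool follow the default route instead of the tunnel. The /24 LAN masks, the VTI address, the next-hop labels and the interface names are assumptions.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [route for route in table if addr in route[0]]
    if not hits:
        return None
    best = max(hits, key=lambda route: route[0].prefixlen)
    return best[1], best[2]

def missing_return_route(sites, pool, tunnel_if="vti"):
    """Names of sites that would not send replies for the pool into the tunnel.

    Checks the first and last address of the pool, so a narrower route that
    covers only one end of the pool is reported as well."""
    bad = []
    for name, table in sites.items():
        for addr in (str(pool[0]), str(pool[-1])):
            hit = lookup(table, addr)
            if hit is None or hit[1] != tunnel_if:
                bad.append(name)
                break
    return bad

# Constructed sample data. LAN gateways and the pool are from the thread; the
# /24 LAN masks, the VTI address and the interface names are assumptions.
POOL = net("10.10.12.0/24")
VTI_A = "169.254.10.1"  # assumed VTI IP of side A, as read in step 1

def side_b(with_static_route):
    table = [
        (net("192.168.150.0/24"), "direct", "lan"),
        (net("192.168.200.0/24"), VTI_A, "vti"),   # side A LAN via SD-VPN
        (net("0.0.0.0/0"), "isp-gateway", "wan"),  # default route
    ]
    if with_static_route:
        table.append((POOL, VTI_A, "vti"))         # step 2: pool via side A VTI
    return table

if __name__ == "__main__":
    for label, flag in (("before", False), ("after", True)):
        table = side_b(flag)
        print(label, lookup(table, "10.10.12.10"),
              missing_return_route({"side-b": table}, POOL))
```

With more than two offices, passing every site's table to `missing_return_route` lists each site that still needs the pool route.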


  • MarkoK
    Answer ✓

    It's working.

    Thank you

  • MarkoK

    If we want to use split tunnel (IKEv2 or SSL VPN), is that possible?
