[NEBULA] zero touch vpn

FrankIversen
FrankIversen Posts: 92
Ideas master First Comment Friend Collector Third Anniversary
 Ally Member
edited April 2021 in Nebula
will zero touch vpn work when the customers have dynamic wan ips?

Comments

  • Zyxel_Irene
    Zyxel_Irene Posts: 132
    5 Answers First Comment Friend Collector First Anniversary
     Zyxel Employee
    @FrankIversen
    What is your VPN scenario, Nebula-to-Nebula or Nebula-to-NonNebula?

  • Zyxel_Irene
    Zyxel_Irene Posts: 132
    5 Answers First Comment Friend Collector First Anniversary
     Zyxel Employee

    If your NSG is not behind the NAT, Site-to-Site VPN with dynamic peer is supported by NSG for Nebula-to-Nebula VPN topology now. When NSG public IP is changed, VPN tunnel will disconnected and re-connected automatically. (Because if your NSG is behind the NAT, you need to set NAT-traversal on NCC.)


    For Nebula-to-nonNebula VPN topology, if your nonNebula device is set up with a static IP and you can set it as Server Role, and Nebula device which is not behind the NAT run with DHCP, then when NSG public IP is changed, VPN tunnel will also disconnected and re-connected automatically.




  • FrankIversen
    FrankIversen Posts: 92
    Ideas master First Comment Friend Collector Third Anniversary
     Ally Member
    nebua-to-nebula, not behind nat. (the nsg will be the first firewall).
    Thanks.
  • Zyxel_Irene
    Zyxel_Irene Posts: 132
    5 Answers First Comment Friend Collector First Anniversary
     Zyxel Employee
    edited September 2017
    @FrankIversen
    You are running on zero touch VPN. ;)
    Once NSG public IP is changed, VPN tunnel will disconnected and re-connected automatically.

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

  • FAQ
  • New & Release
  • Nebula Status & Incidents
  • Video Tutorials
    • EnglishTiếng ViệtРусскийไทย中文(台灣)