How to establish Site-to-site VPN when both Nebula gateways are in different Organizations?

Zyxel_Jason · October 2020

In Figure1, there are two Nebula gateways that want to establish site-to-site VPN connection, but they are in different organizations.

Figure 1 Site-to-SIte VPN

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested Nebula gateway, switch, APs with the last firmware version on Nebula Center Control (NCC).

Configuration Setting:

For Demo/Demo:

Go to "GATEWAY > Configure > Site-to-Site VPN > Non-Nebula VPN peers" and configure the parameters.

Name: Zyxel_Nebula

Public IP: 61.222.75.18

Private subnet: 192.168.3.1/24

IPsec policy: Default

Preshared Secret: <Pre-shared key> (Need to be the same as another site)

Availability: This site (Depends on the scenario)

Image: https://us.v-cdn.net/6029482/uploads/editor/86/3ly0qa1uj9ez.jpg

For Zyxel.Nebula/test Jason NSG100:

Go to "GATEWAY > Configure > Site-to-Site VPN > Non-Nebula VPN peers" and configure the parameters.

Name: Demo

Public IP: 36.227.108.105

Private subnet: 192.168.1.199/24

IPsec policy: Default

Preshared Secret: <Pre-shared key> (Need to be the same as another site)

Availability: This site (Depends on the scenario)

Image: https://us.v-cdn.net/6029482/uploads/editor/cj/333gkwitbn8b.jpg

Test the Result:
On Demo/Demo, go to Security gateway > Monitor > VPN connection

Image: https://us.v-cdn.net/6029482/uploads/editor/9n/l98y36t59gvl.jpg

On Zyxel.Nebula/test Jason NSG100, go to Security gateway > Monitor > VPN connection

How to establish Site-to-site VPN when both Nebula gateways are in different Organizations?

Categories