How to establish Site-to-site VPN when both Nebula gateways are in different Organizations?

Options
Zyxel_Jason
Zyxel_Jason Posts: 425 image  Master Member
Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Nebula Zyxel Certified Sales Associate
edited June 2023 in Nebula Security Gateway
In Figure1, there are two Nebula gateways that want to establish site-to-site VPN connection, but they are in different organizations.

Figure 1 Site-to-SIte VPN

All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested Nebula gateway, switch, APs with the last firmware version on Nebula Center Control (NCC).
Configuration Setting:

For Demo/Demo:

Go to "Configure > Security gateway > Site-to-Site VPN > Non-Nebula VPN peers" and configure the parameters.

Name: Zyxel_Nebula

Public IP: 61.222.75.18

Private subnet: 192.168.3.1/24

IPsec policy: Default

Preshared Secret: <Pre-shared key> (Need to be the same as another site)

Availability: This site (Depends on the scenario)



For Zyxel.Nebula/test Jason NSG100:

Go to "Configure > Security gateway > Site-to-Site VPN > Non-Nebula VPN peers" and configure the parameters.

Name: Demo

Public IP: 36.227.108.105

Private subnet: 192.168.1.199/24

IPsec policy: Default

Preshared Secret: <Pre-shared key> (Need to be the same as another site)

Availability: This site (Depends on the scenario)



Test the Result:
On Demo/Demo, go to Monitor >Security gateway >  VPN connection

On Zyxel.Nebula/test Jason NSG100, go to Security gateway > Monitor > VPN connection


Jason

Tagged:

Categories

EnglishTiếng ViệtРусскийไทย中文(台灣)