[NEBULA] VPN Connectivity Check

Kiattikorn
Kiattikorn Posts: 12  Freshman Member
edited April 14 in Nebula

Dear Nebula Team,

We have designed VPN solution as following.

 

HQ > USG Series (VPN Server Role)

LAN IP: 192.168.1.1/24

 

BR1 > NSG100 (VPN Client Role)

LAN IP: 192.168.2.1/24

 

BR2 > NSG100 (VPN Client Role)

LAN IP: 192.168.3.1/24

 

After setup VPN and all site tunnel has already connected. But the tunnel uptime can be count to 180sec after that VPN tunnel will be disconnect and reconnect again.

I have to check configuration on NSG by CLI the connectivity IP is not correct.

“conn-check 192.168.1.0 method icmp period 60 timeout 10 fail-tolerance 3 action log”

We don’t have IP 192.168.0.0 in destination network and parameter of fail-tolerance set to 3 time that mean why NSG can reach tunnel uptime 180 secs (60 x3) then always start to reconnect.


The question is.

1.       How to solved this?

2.       Can you add connectivity feature setting on NCC?

Thank you.

 

Comments

  • Nebula_Irene
    Nebula_Irene Posts: 139  Zyxel Employee
    Hi @kiattikorn

    Could you kindly provide the screenshot of Non-Nebula VPN peer page to check with? :)

  • Kiattikorn
    Kiattikorn Posts: 12  Freshman Member
    Here you are.

  • Nebula_Irene
    Nebula_Irene Posts: 139  Zyxel Employee
    Hi @kiattikorn

    This screenshot is USG setting, and may I have the screenshot from NCC, like the below pic. Then I can check your Private subnet. =)


  • Kiattikorn
    Kiattikorn Posts: 12  Freshman Member

  • Nebula_Irene
    Nebula_Irene Posts: 139  Zyxel Employee
    Hi @kiattikorn

    In our current design, users need to input a reachable IP address in the Private subnet field (e.g: if IP on peer side is 192.168.1.254/24, please set Private Subnet to 192.168.1.254/24.), this IP will be used for ping check by the device.
  • Nebula_Irene
    Nebula_Irene Posts: 139  Zyxel Employee
    Hi @kiattikorn
    I hope everything is good on your side! :)
    I would like to move your post to Nebula Security Gateway session to let more users can know how to configure when they have the same symptoms! ;)

  • Kiattikorn
    Kiattikorn Posts: 12  Freshman Member
    Hi Irene,

    Thank you for you prompt respond.

Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!