VPN Policy Route on NSG 100

Elgen07 · July 2022

Hi

I am testing VPN connections between USG FLEX 100 and NSG 100 since USG FLEX is the new version of NSG.

My problem is that I cannot select VPN when I want to create a Policy Route on NSG, VPN is greyed out. What do I do to be able to create a Policy Route for traffic that will use the VPN connection?

Regards

Olav

Elgen07 · July 2022

No, I have not solved the problem, but I saw that the NSG series is End of Life, so I wonder if there will be a solution to this problem

End of life | Zyxel

h
Olav

Zyxel_Melen · July 2022

Hi @Elgen07,

When creating Nebula VPN tunnel between NSG and USG FLEX, you could not select VPN option when creating a Policy Route on NSG or USG FLEX.
This is a limitation on Nebula.
In order to select VPN in policy route, I suggest you create a Non-Nebula VPN on the site-to-site VPN setting page.
Here is the configuration example:

Image: https://us.v-cdn.net/6029482/uploads/editor/2i/trzcu91vj6bg.png

After saving the configuration, you will be able to select VPN when creating a Policy Route on NSG or USG FLEX.

Image: https://us.v-cdn.net/6029482/uploads/editor/y2/gb9gudr1vc4d.png

In addition, if you want to create a policy route from NSG LAN to USG FLEX LAN, you only need to select "use VPN" for those LANs on the site-to-site VPN setting page. You don't need to manually create a policy route since Nebula will generate the policy after you select the option.

Image: https://us.v-cdn.net/6029482/uploads/editor/an/oaobq6thlxen.png

Elgen07 · July 2022

Hi

Thanks for the reply, I've tested and I get the traffic through although it's not as good functionality as Nebula VPN

h

Olav

VPN Policy Route on NSG 100

All Replies

Categories

Security Help Center