[NEBULA] NSG Site-to-Site VPN port forwarding

Stefano
Stefano Posts: 2  Freshman Member
edited April 2021 in Nebula
Hi everyone!
I'm a newbie to Nebula. I have to create a site-to-site VPN between two NSG100s. I think I've done all the right settings, but which ports do I have to forward from my ISP modem to the NSG100 to make the VPN work?

Thanks in advance and sorry for my beginner's question! :)

Comments

  • Zyxel_Chris
    Zyxel_Chris Posts: 705  Zyxel Employee
    Hello @Stefano
    Welcome to the community!
    You will need to forward UDP 4500 and 500.
    Besides, may I know if your NSGs are using a private IP? If so, you will also need to configure your public IP in NAT traversal.
    For instance, if your NSG at site A is using a private IP, then you will need to set the modem's public IP in NAT traversal at Gateway > Site-to-Site VPN > NAT traversal.



  • Stefano
    Stefano Posts: 2  Freshman Member
    Hi!
    Thank you for your help, now everything works perfectly! :)
  • Papa_DIOP
    Papa_DIOP Posts: 17  Freshman Member

    Hello,

    I am experiencing the same problem, although I have enabled port forwarding 4500/500 on my ISP modem/router.

    The VPN doesn't come up at all. Event logs show this:

    2019-08-01 15:47:21 vpn 192.168.253.50 192.168.254.102 Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]

    2019-08-01 15:47:21 vpn 192.168.253.50 192.168.254.102 Send Main Mode request to [192.168.254.102]

    2019-08-01 15:47:21 vpn 192.168.253.50 192.168.254.102 Tunnel [SE4186BF70B67] Sending IKE request

    2019-08-01 15:47:21 vpn 192.168.253.50 192.168.254.102 The cookie pair is : 0x3bf988f1ba80c344 / 0x0000000000000000 [count=3]

  • ivers
    ivers Posts: 45  Freshman Member

    Hi @Papa_DIOP

    Did you configure NAT traversal as they said? (Both sites need to configure their uplink public IP.) And have you seen the receive log? You only pasted the send log.



  • Zyxel_Chris
    Zyxel_Chris Posts: 705  Zyxel Employee

    Hello @Papa_DIOP

    Did you resolve this issue? Feel free to let me know if the problem persists.


    /Chris

  • Papa_DIOP
    Papa_DIOP Posts: 17  Freshman Member

    Herewith what's configured... On both sides.


  • Papa_DIOP
    Papa_DIOP Posts: 17  Freshman Member

    Herewith Event logs... On both sides.


  • Zyxel_Chris
    Zyxel_Chris Posts: 705  Zyxel Employee

    Hello @Papa_DIOP

    According to the logs, it looks like both sites don't receive the peer site's request packet.

    Can you confirm whether the modem/router also supports VPN? If so, please just turn it off; it will take over the VPN traffic instead of forwarding it.

    I'll also private message you for the next move if the issue persists; please check the Inbox. 🙂


    /Chris
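
The symptom read from the logs in this thread, an IKE request that never gets a reply, appears as a cookie pair whose second (responder) value stays `0x0000000000000000`. The following Python script is an added example, not part of the thread or of Zyxel's tooling: it flags peers in that state, assuming space-separated log columns and reading `[count=N]` as a retry counter; the sample lines are constructed.

```python
import re

# Constructed sample in the layout of the event log quoted in the thread:
# timestamp, category, source IP, destination IP, message (space-separated).
SAMPLE_LOG = """\
2019-08-01 15:47:21 vpn 192.168.253.50 192.168.254.102 Send Main Mode request to [192.168.254.102]
2019-08-01 15:47:21 vpn 192.168.253.50 192.168.254.102 The cookie pair is : 0x3bf988f1ba80c344 / 0x0000000000000000 [count=3]
2019-08-01 15:48:02 vpn 192.168.253.50 192.168.254.77 The cookie pair is : 0x11aa22bb33cc44dd / 0x0000000000000000
2019-08-01 15:48:03 vpn 192.168.253.50 192.168.254.77 The cookie pair is : 0x11aa22bb33cc44dd / 0x9f8e7d6c5b4a3921
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(rf"^\S+ \S+\s+vpn\s+(?P<src>{IP})\s+(?P<dst>{IP})\s+(?P<msg>.*)$")
COOKIES = re.compile(
    r"cookie pair is\s*:\s*0x(?P<init>[0-9a-f]{16})\s*/\s*0x(?P<resp>[0-9a-f]{16})"
    r"(?:\s*\[count=(?P<count>\d+)\])?",
    re.IGNORECASE,
)


def unanswered_ike(log_text):
    """Map (local, peer) -> highest count seen, for exchanges with no reply.

    An IKEv1 initiator sends its first packet with a zero responder cookie;
    if no later line for the same initiator cookie shows a non-zero value,
    no response from the peer was ever processed.
    """
    state = {}  # (src, dst, initiator cookie) -> [answered, max count]
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        pair = COOKIES.search(line["msg"]) if line else None
        if not pair:
            continue
        entry = state.setdefault((line["src"], line["dst"], pair["init"].lower()), [False, 0])
        entry[0] = entry[0] or int(pair["resp"], 16) != 0
        # Assumption: [count=N] is a retry counter; absent means 0.
        entry[1] = max(entry[1], int(pair["count"] or 0))
    stalled = {}
    for (src, dst, _cookie), (answered, count) in state.items():
        if not answered:
            stalled[(src, dst)] = max(count, stalled.get((src, dst), 0))
    return stalled


if __name__ == "__main__":
    for (local, peer), count in unanswered_ike(SAMPLE_LOG).items():
        print(f"{local} -> {peer}: no IKE reply (UDP 500/4500 path or NAT traversal), count={count}")
```

A peer listed here on both gateways matches the case discussed above: check the UDP 500/4500 forwards, the NAT traversal public IP, and whether the modem/router is handling VPN traffic itself.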
