Non-Nebula VPN Peers two IP Ranges
Hello together,
i'am step by step will change from local webinterface configuration to Nebula configuration. (usgflex200)
This time i test the relevant functions for our network and have a problem with the VPN configuration.
Site A - With local webinterface configuration
Public IP: 85.55.66.77
must connect via VPN to 11.11.14.0 Subnet (1)
must connect via VPN to 192.168.69.0 Subnet (2)
Site B - With Nebula configuration
Public IP: 86.54.32.10
must connect via VPN to 192.168.20.0 Subnet (1)
must connect via VPN to 192.168.21.0 Subnet (2)
With local webinterface configuration on both sides, it work well, with none-nebula and nebula only one VPN connection.
------------------------------------------------------------------------
Site A - With local webinterface configuration
IPSec VPN->VPN Gateway
VPN_14_SUB created
VPN_69_SUB created
IPSec VPN->VPN Connection
VPN_14_SUB created - Local Policy 192.168.20.0 / Remote Policy 11.11.14.0
VPN_69_SUB created - Local Policy 192.168.21.0 / Remote Policy 192.168.69.0
Site B - With Nebula configuration
Firewall->Site-To-Site VPN
Select Network 11.11.14.0/24 + 192.168.69.0/24
Non-Nebula VPN Peers:
Name: VPN_20_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.20.1/24
Name: VPN_22_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.21.1/24
------------------------------------------------------------------------
Only the 11.11.14.0 Subnet is reachable and build the VPN up, when both IP Subnets in Nebula are active.
When I deactivate the Subnet 11.11.14.0/24 and activate 192.168.69.0/24 in Nebula, the first VPN disconnect and the second connected.
I hope you can help me.
I hope you can help me.
Best regards
Matthias Lagenstein
0
Accepted Solution
-
Hi @Ray00731
Your networks subnets are:
Nebula side networks(86.54.32.10): 11.11.14.0/24, 192.168.69.0/24
Local web interface(85.55.66.77): 192.168.20.0/24, 192.168.21.0/24
1 Non-Nebula VPN rule and 1 policy route could realize your requirement.
On Nebule site:
Create Non-Nebula VPN setting
Routing for VPN traffic
On-premise device site:
Create VPN tunnel with "Virtual tunnel Interface".
Create VTI interface
Create static route for VPN traffic
There is only 1 VTI VPN tunnel, you could add multiple subnets what you needed.0
Zyxel Employee
All Replies
-
Hi @Ray00731
Your networks subnets are:
Nebula side networks(86.54.32.10): 11.11.14.0/24, 192.168.69.0/24
Local web interface(85.55.66.77): 192.168.20.0/24, 192.168.21.0/24
1 Non-Nebula VPN rule and 1 policy route could realize your requirement.
On Nebule site:
Create Non-Nebula VPN setting
Routing for VPN traffic
On-premise device site:
Create VPN tunnel with "Virtual tunnel Interface".
Create VTI interface
Create static route for VPN traffic
There is only 1 VTI VPN tunnel, you could add multiple subnets what you needed.0 -
Hello Stanley,
you saved my weekend. It works, so i can start the project next week!
Many thanks!
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 165 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 365 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 263 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
