Non-Nebula VPN Peers two IP Ranges
Options
Hello together,
i'am step by step will change from local webinterface configuration to Nebula configuration. (usgflex200)
This time i test the relevant functions for our network and have a problem with the VPN configuration.
Site A - With local webinterface configuration
Public IP: 85.55.66.77
must connect via VPN to 11.11.14.0 Subnet (1)
must connect via VPN to 192.168.69.0 Subnet (2)
Site B - With Nebula configuration
Public IP: 86.54.32.10
must connect via VPN to 192.168.20.0 Subnet (1)
must connect via VPN to 192.168.21.0 Subnet (2)
With local webinterface configuration on both sides, it work well, with none-nebula and nebula only one VPN connection.
------------------------------------------------------------------------
Site A - With local webinterface configuration
IPSec VPN->VPN Gateway
VPN_14_SUB created
VPN_69_SUB created
IPSec VPN->VPN Connection
VPN_14_SUB created - Local Policy 192.168.20.0 / Remote Policy 11.11.14.0
VPN_69_SUB created - Local Policy 192.168.21.0 / Remote Policy 192.168.69.0
Site B - With Nebula configuration
Firewall->Site-To-Site VPN
Select Network 11.11.14.0/24 + 192.168.69.0/24
Non-Nebula VPN Peers:
Name: VPN_20_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.20.1/24
Name: VPN_22_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.21.1/24
------------------------------------------------------------------------
Only the 11.11.14.0 Subnet is reachable and build the VPN up, when both IP Subnets in Nebula are active.
When I deactivate the Subnet 11.11.14.0/24 and activate 192.168.69.0/24 in Nebula, the first VPN disconnect and the second connected.
I hope you can help me.
I hope you can help me.
Best regards
Matthias Lagenstein
0
Accepted Solution
-
Hi @Ray00731
Your networks subnets are:
Nebula side networks(86.54.32.10): 11.11.14.0/24, 192.168.69.0/24
Local web interface(85.55.66.77): 192.168.20.0/24, 192.168.21.0/24
1 Non-Nebula VPN rule and 1 policy route could realize your requirement.
On Nebule site:
Create Non-Nebula VPN setting
Routing for VPN traffic
On-premise device site:
Create VPN tunnel with "Virtual tunnel Interface".
Create VTI interface
Create static route for VPN traffic
There is only 1 VTI VPN tunnel, you could add multiple subnets what you needed.0
Zyxel Employee
All Replies
-
Hi @Ray00731
Your networks subnets are:
Nebula side networks(86.54.32.10): 11.11.14.0/24, 192.168.69.0/24
Local web interface(85.55.66.77): 192.168.20.0/24, 192.168.21.0/24
1 Non-Nebula VPN rule and 1 policy route could realize your requirement.
On Nebule site:
Create Non-Nebula VPN setting
Routing for VPN traffic
On-premise device site:
Create VPN tunnel with "Virtual tunnel Interface".
Create VTI interface
Create static route for VPN traffic
There is only 1 VTI VPN tunnel, you could add multiple subnets what you needed.0 -
Hello Stanley,
you saved my weekend. It works, so i can start the project next week!
Many thanks!
0
Categories
- All Categories
- 385 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 74 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 886 Nebula FAQ
- 415 Security FAQ
- 228 Switch FAQ
- 198 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 63 Security Highlight
