Non-Nebula VPN Peers two IP Ranges
Hello together,
I am changing step by step from local web interface configuration to Nebula configuration (usgflex200).
This time I am testing the relevant functions for our network and have a problem with the VPN configuration.
Site A - With local webinterface configuration
Public IP: 85.55.66.77
must connect via VPN to 11.11.14.0 Subnet (1)
must connect via VPN to 192.168.69.0 Subnet (2)
Site B - With Nebula configuration
Public IP: 86.54.32.10
must connect via VPN to 192.168.20.0 Subnet (1)
must connect via VPN to 192.168.21.0 Subnet (2)
With local web interface configuration on both sides, it works well; with Non-Nebula and Nebula, only one VPN connection works.
------------------------------------------------------------------------
Site A - With local webinterface configuration
IPSec VPN->VPN Gateway
VPN_14_SUB created
VPN_69_SUB created
IPSec VPN->VPN Connection
VPN_14_SUB created - Local Policy 192.168.20.0 / Remote Policy 11.11.14.0
VPN_69_SUB created - Local Policy 192.168.21.0 / Remote Policy 192.168.69.0
Site B - With Nebula configuration
Firewall->Site-To-Site VPN
Select Network 11.11.14.0/24 + 192.168.69.0/24
Non-Nebula VPN Peers:
Name: VPN_20_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.20.1/24
Name: VPN_22_SUB - Public IP 85.55.66.77 - Private Subnet 192.168.21.1/24
------------------------------------------------------------------------
Only the 11.11.14.0 subnet is reachable and builds the VPN up when both IP subnets in Nebula are active.
When I deactivate the subnet 11.11.14.0/24 and activate 192.168.69.0/24 in Nebula, the first VPN disconnects and the second connects.
I hope you can help me.
Best regards
Matthias Lagenstein
Accepted Solution
Hi @Ray00731
Your network subnets are:
Nebula side networks(86.54.32.10): 11.11.14.0/24, 192.168.69.0/24
Local web interface(85.55.66.77): 192.168.20.0/24, 192.168.21.0/24
1 Non-Nebula VPN rule and 1 policy route could realize your requirement.
On Nebula site:
Create Non-Nebula VPN setting
Routing for VPN traffic
On-premise device site:
Create VPN tunnel with "Virtual tunnel Interface".
Create VTI interface
Create static route for VPN traffic
There is only 1 VTI VPN tunnel; you could add multiple subnets as needed.
All Replies
Hello Stanley,
you saved my weekend. It works, so I can start the project next week!
Many thanks!