SNAT Nebula
Hallo,
ich werde in diversen Standorten die USG60W durch ne USGFLEX 200 ersetzen und habe zu Hause einen Testaufbau mit den Gegebenheiten einer Filiale.
In dem Zuge möchte ich auch alles auf Nebula umstellen und scheitere nun erneut an einer Sache.
Vom Warenwirtschaftanbieter erhalten wir eine Fortigate die einen VPN Tunnel zum Server aufbaut.
Zyxel Netzwerk (VLAN) - 192.168.99.0
Fortigate IP: 192.168.99.200
Ping, Tracert - klappt alles. Nach längerem analysieren mit einem Supporter vom Serveranbieter sieht dieser meine Anfrage eingehen, aber erhält die Meldung das der Client (also ich) die Daten ablehnt. Der Supporter meint, das es am Source Natting liegt.
In der Tat habe ich in einer Filiale ne Policy Router eingerichtet und nun die Frage - wie bekomme ich das in Nebula hin?
Vielen Dank im vorraus
Gruß
Matthias Lagenstein
All Replies
-
Hi @Ray00731,
Please configure the SNAT from from outgoing-interface to None in policy route.
0 -
Hello,
thank you for your answer.
the configuration on the screen works, so i mustn't change it.
I search the function in Nebula, because there don't work the connection with the extern Fortigate.
0 -
Hi @Ray00731,
You can add static route in Nebula for routing traffic to Fortigate.
0 -
in the “old” Configuration Interface i must set the policy & static route. Without policy route it don't work.
So i must apply the same configuration in Nebula with the SNAT option and i don't know how.
When i set on the windows machine via cmd a route “route /add….” it works.
0 -
Hi @Ray00731 ,
Can you provide a brief network topology with interface IP marked for troubleshooting
0 -
Hi @Zyxel_Cooldia ,
0 -
Here what I think the root cuase of issue.
Triangle route issue (without SNAT to 192.168.99.1)
No triangle route (with SNAT)
So either Zyxel Firewall to allow asymmetric route or doing SNAT can solve the issue.
0 -
IMVHO fortigate should have Fritxbox as WAN and a simple PPTP VPN might be the route among 10.97.0.0/16 and 192.168.99.0/24
0 -
Hello,
yes the offerer from Server & Fortigate mean the same - that SNAT is missing. Without nebula worked the connection. With nebula not. So i think the feature is missing.
In 4 locations the configuration without nebula work fine with policy & static route. The offerer from Server & Fortigate will not change his standard config. They use the internal network as primary Gateway for VPN and WAN only as backup.
Greeting
Matthias0 -
I can see some advantages in Nebula, but not enough for consider that the option for manage Zyxel Firewalls.
0
Zyxel Employee
Master Member
Guru Member
Categories
- All Categories
- 189 Beta Program
- 1.7K Nebula
- 91 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 917 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 452 Nebula FAQ
- 258 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 67 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 52 Security Highlight
