Site-to-site tunnel

Zolik

Hi,

We bought a USG FLEX 100 for our office and added it to Nebula.
Now we need to set up a site-to-site tunnel to our datacenter. On the Nebula site we have network 10.5.1.0/24, and in the datacenter we have subnets 10.1.4.0/24 and 10.8.0.0/23. I need to have both networks from the datacenter connected to the Nebula device in our office, but in Nebula I can't enter two subnets as remote networks.
In the datacenter I have a Kerio router and a Debian server with strongSwan installed, so I can connect Nebula to either of them. It doesn't matter which of them it will be…

Do you know how to do it?
Thanks

All Replies

  • PeterUK

    Do two site to site for each subnet

  • Zolik

    It doesn't work for me. When I create a second tunnel on the Nebula side for the second subnet from the datacenter, only one network works…

  • mMontana

    On "not Nebula devices", if I need to connect more than one subnet, I create more connections on the same gateway.

    Site 1: 192.168.10.0/24, 192.168.11.0/24
    Site 2: 192.168.1.0/24, 192.168.6.0/24

    On both sides, only one gateway per site.

    Site 1: connection from 192.168.10.0/24 to 192.168.1.0/24, from 192.168.10.0/24 to 192.168.6.0/24, from 192.168.11.0/24 to 192.168.1.0/24

    Site 1: connection from 192.168.1.0/24 to 192.168.10.0/24, from 192.168.1.0/24 to 192.168.11.0/24, from 192.168.6.0/24 to 192.168.10.0/24

    4 subnets, three connections to allow intercommunication of several subnets.

    Consider "from" as local and "to" as remote, from the device's perspective.

  • Zolik

    Excuse me, I don't understand what you mean…

  • PeterUK

    If you have site to site

    site to site 1

    local policy 10.5.1.0/24

    remote policy 10.1.4.0/24

    You then make another site to site 2

    local policy 10.5.1.0/24

    remote policy 10.8.0.0/23

    Then the other end will have

    site to site 1

    local policy 10.1.4.0/24

    remote policy 10.5.1.0/24

    and site to site 2

    local policy 10.8.0.0/23

    remote policy 10.5.1.0/24
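
The "other end" policies from the reply above, written as a strongSwan `swanctl.conf` fragment for the Debian server mentioned in the question. This is an added example, not part of the original thread and not a tested Nebula interop recipe. Assumptions: the swanctl configuration style, IKEv2, PSK authentication with IP addresses as IDs, and placeholder public addresses and names; proposals are left at strongSwan defaults and must match whatever is configured in Nebula.

```conf
# /etc/swanctl/conf.d/office.conf on the Debian strongSwan gateway (datacenter end)
# Constructed example: addresses, names and the PSK are placeholders.
connections {
    office-usg {
        version = 2                      # assumption: IKEv2 selected on the Nebula side
        local_addrs  = 203.0.113.10      # placeholder: datacenter public IP
        remote_addrs = 198.51.100.20     # placeholder: office USG FLEX public IP

        local {
            auth = psk
            id = 203.0.113.10
        }
        remote {
            auth = psk
            id = 198.51.100.20
        }

        children {
            # mirror of "site to site 1": local 10.1.4.0/24, remote 10.5.1.0/24
            dc-10-1-4 {
                local_ts  = 10.1.4.0/24
                remote_ts = 10.5.1.0/24
            }
            # mirror of "site to site 2": local 10.8.0.0/23, remote 10.5.1.0/24
            dc-10-8-0 {
                local_ts  = 10.8.0.0/23
                remote_ts = 10.5.1.0/24
            }
        }
    }
}

secrets {
    ike-office-usg {
        id = 198.51.100.20
        secret = "REPLACE-WITH-LONG-RANDOM-PSK"   # placeholder
    }
}
```

After `swanctl --load-all`, `swanctl --list-sas` should show one child SA per subnet pair once traffic flows; if only one appears, compare each `local_ts`/`remote_ts` pair against the matching local and remote policy on the Nebula side.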
