Full VPN tunnel from FlexH 1.32 FW to Nebula Org firewall
All Replies
-
Yes, the VTIs are in the same subnet now, but the hidden mistake was using the same IP (not the same subnet…) for both. I did not see this mistake because it was set once on Nebula and never checked again until after some hours of testing.
Now I have this rule working properly:
but the local LAN of FlexH goes remotely on the first subnet it finds.
When I set the VPN as "Custom" on FlexH I told the VPN to go to a specific remote subnet but it seems it ignores that:
That blue "Destination" subnet is where I wanted the traffic from the VPN to go.
Remotely I have different subnets:
- 192.168.1.1
- 192.168.10.1
- 192.168.201.1 and so on….
So the traffic from VPN has to go on a specific one.
In reality the VPN goes to the 192.168.1.1 network.
Should I use this advanced area to specify which is the remote destination?
-
The static route setup is not for ORG1 (FLEX H); remove it. The static route setup is for ORG2.
Leave the NAT rule blank.
-
Hi @GiuseppeR
May I know the site-to-site VPN setting on org B (USG FLEX)?
Please check whether you have enabled "use VPN" for the second interface/subnet. If not, please enable it first.
Then, go back to the USG FLEX H local GUI and navigate to Menu > Network > Routing > Static Route to check whether both LAN interfaces/subnets have a static route rule. In my lab, I have two static routes for the two LAN interfaces.
Once they do, you can access them from the H side.
Zyxel Melen0