Nebula Security Gateways (NSG) can build IPsec VPN tunnels to devices that cannot be controlled through Nebula; this, however, requires some configuration on the NSG. This tutorial shows an example configuration of an IPsec VPN tunnel between one of our USG60 firewalls and a Nebula NSG100.
- Make notes of the settings of phase 1 and phase 2 of the remote station (PSK, Encryption, Authentication, Lifetime, DH Group, Remote and Local Policy)
- Log in to nebula.zyxel.com with your account
- Select the organization and site where to create the tunnel
- Go to the submenu Gateway > Configure > Site-to-Site VPN
- At the bottom of the page you will find "Non-Nebula VPN Peers"
- Click on Add, enter an appropriate name, the public IP and the remote policy of the remote site.
Important: the Private Subnet setting is also used for the ping check in the tunnel. Therefore, if you want to reach the subnet 192.168.5.0/24, enter a reachable/available IP here (of your gateway/server), such as 192.168.5.253/24, for the ping check.
- In "IPsec policy", click on "default". Now you can adjust the settings. Enter the previously noted settings and confirm with OK
- Now enter the PSK and select which network (entire network or only this site) should be reached via the VPN
- Click Save
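A pre-flight check for the notes taken in the first step, written as an added example (not Zyxel code): it compares both peers' phase 1 and phase 2 values, confirms the policies mirror each other, and checks that the Private Subnet entry is a host address usable for the ping check. The field names, algorithm values, PSK placeholder and the 192.168.1.0/24 site subnet are assumptions made up for the example.

```python
import ipaddress

# Settings that must be identical on both peers (field names are this example's own).
MATCH = ("psk", "p1_encryption", "p1_authentication", "p1_dh_group", "p1_lifetime",
         "p2_encryption", "p2_authentication", "p2_lifetime")

def check_tunnel(remote, nsg):
    """Return a list of problems between the remote station's notes and the NSG entries."""
    problems = []
    for field in MATCH:
        if remote[field] != nsg[field]:
            # Never echo the PSK itself into output or logs.
            detail = "values differ" if field == "psk" else f"{remote[field]!r} vs {nsg[field]!r}"
            problems.append(f"{field}: {detail}")
    remote_local = ipaddress.ip_network(remote["local_policy"])
    remote_remote = ipaddress.ip_network(remote["remote_policy"])
    nsg_local = ipaddress.ip_network(nsg["local_subnet"])
    # "Private Subnet" is entered as host/prefix because the host part is pinged.
    peer = ipaddress.ip_interface(nsg["private_subnet"])
    if peer.network != remote_local:
        problems.append(f"private_subnet {peer} does not match remote local policy {remote_local}")
    elif peer.network.prefixlen < 31 and peer.ip in (peer.network.network_address,
                                                      peer.network.broadcast_address):
        problems.append(f"private_subnet {peer} is not a host address usable for the ping check")
    # Policies are mirrored: the remote station's remote policy is the NSG's own subnet.
    if nsg_local != remote_remote:
        problems.append(f"remote station expects {remote_remote}, NSG site uses {nsg_local}")
    if remote_local.overlaps(nsg_local):
        problems.append(f"subnets overlap: {remote_local} and {nsg_local}")
    return problems

# Constructed sample notes; the PSK is a placeholder, not a real key.
USG60 = {"psk": "EXAMPLE-PSK", "p1_encryption": "AES256", "p1_authentication": "SHA256",
         "p1_dh_group": "DH14", "p1_lifetime": 86400, "p2_encryption": "AES256",
         "p2_authentication": "SHA256", "p2_lifetime": 28800,
         "local_policy": "192.168.5.0/24", "remote_policy": "192.168.1.0/24"}
NSG100 = {**{k: USG60[k] for k in MATCH}, "p1_dh_group": "DH2",
          "local_subnet": "192.168.1.0/24", "private_subnet": "192.168.5.0/24"}

if __name__ == "__main__":
    for problem in check_tunnel(USG60, NSG100):
        print("MISMATCH:", problem)
```

An empty result means the noted values are consistent; it does not confirm that the tunnel itself comes up.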
See the video below for a visualization of the individual steps.