Nebula Security Gateways (NSG) can build IPSec VPN tunnels to devices that cannot be managed through Nebula. This requires some manual configuration on the NSG. This tutorial shows an example configuration of an IPSec VPN tunnel between one of our USG60 firewalls and a Nebula NSG100.
Step-by-Step guide:
- Make notes of the settings of phase 1 and phase 2 of the remote station (PSK, Encryption, Authentication, Lifetime, DH Group, Remote, and Local Policy)
- Log in to nebula.zyxel.com with your account
- Select the organization and site where the tunnel should be created
- Go to the submenu Gateway > Configure > Site-to-Site VPN
- At the bottom of the page, you will find "Non-Nebula VPN Peers"
- Click on Add, enter an appropriate name, the public IP and the remote policy of the remote site.
- Important: the Private Subnet setting is also used for the ping check inside the tunnel. Therefore, if you want to reach subnet 192.168.5.0/24, enter a reachable/available IP (from your gateway/server) such as 192.168.5.253/24 here for the ping check.
- In "IPsec policy", click on "default". Now you can adjust the settings. Enter the previously noted settings and confirm with OK
- Now enter the PSK and select which network (entire network or only this site) should be reached via the VPN
- Click Save
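
The consistency check below is an added example, not part of the original tutorial or of any Zyxel tool: it compares the settings noted on the remote station with what was entered on the NSG and validates the Private Subnet entry used for the ping check. All dictionary key names and sample values are assumptions of this example (only 192.168.5.0/24 and 192.168.5.253/24 come from the tutorial), and the policies are written from the remote station's point of view.

```python
import hmac
import ipaddress

# Settings the tutorial says to note on the remote station and re-enter on the NSG.
# Key names are this example's own, not Nebula or USG field names.
COPIED = ("p1_encryption", "p1_authentication", "p1_dh_group", "p1_lifetime",
          "p2_encryption", "p2_authentication", "p2_lifetime")

def check_tunnel(remote, nsg):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    for key in COPIED:
        if remote[key] != nsg[key]:
            problems.append(f"{key}: remote={remote[key]} nsg={nsg[key]}")
    # Compare the PSK without ever echoing it into the report.
    if not hmac.compare_digest(remote["psk"].encode(), nsg["psk"].encode()):
        problems.append("psk: values differ")
    # Policies mirror each other: the remote station's local policy is the
    # subnet the NSG reaches through the tunnel, and vice versa.
    entry = ipaddress.ip_interface(nsg["private_subnet"])
    if entry.network != ipaddress.ip_network(remote["local_policy"]):
        problems.append(f"private_subnet: {entry.network} is not {remote['local_policy']}")
    if ipaddress.ip_network(nsg["local_subnet"]) != ipaddress.ip_network(remote["remote_policy"]):
        problems.append("local_subnet: does not match the remote station's remote policy")
    # The Private Subnet entry doubles as the ping-check target, so it must be
    # a host address inside the subnet, not the network or broadcast address.
    if entry.ip in (entry.network.network_address, entry.network.broadcast_address):
        problems.append(f"private_subnet: {entry.ip} is not a host address for the ping check")
    return problems

# Constructed sample values for illustration.
PROPOSAL = {"p1_encryption": "AES256", "p1_authentication": "SHA256",
            "p1_dh_group": "DH14", "p1_lifetime": 86400,
            "p2_encryption": "AES256", "p2_authentication": "SHA256",
            "p2_lifetime": 28800, "psk": "constructed-example-psk"}
REMOTE_NOTES = dict(PROPOSAL, local_policy="192.168.5.0/24",
                    remote_policy="192.168.1.0/24")
NSG_ENTRY = dict(PROPOSAL, private_subnet="192.168.5.253/24",
                 local_subnet="192.168.1.0/24")

if __name__ == "__main__":
    for line in check_tunnel(REMOTE_NOTES, NSG_ENTRY) or ["settings are consistent"]:
        print(line)
```
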
Also interesting:
Do you want to have a look at this directly on one of our test devices? Have a look here in our virtual lab:
Virtual Lab - VPN Nebula to non Nebula device
See the video below for a visualization of the individual steps.
KB-00116