Nebula VPN - Configure Site-to-Site VPN in Nebula between two Nebula Gateways

This guide is about the Nebula Security Gateway (NSG) / ATP / USG FLEX feature to build IPSec VPN tunnels between the two devices.
This tutorial will show an example configuration of an IPSec VPN Tunnel between two NSG100 devices on two sites under one organization.
This Works as well for USG FLEX and ATP.

 

Step-by-Step guide:

  1. Log in to nebula.zyxel.com with your account
  2. Select the organization and site where you want to create the VPN tunnel for the first device
  3. Go to the submenu Site-wide > Configure > Firewall > Site-to-site VPN
  4. Check the WAN interface you want to use for the VPN tunnel (Outgoing interface)
  5. Choose the LAN Network, which you want to use for your VPN tunnel (Local networks)
  6. Choose Site-to-Site under Nebula VPN Topology
  7. If both sites have different public IP addresses, you need to add the IP address of the own NSG under NAT traversal
  8. Save your settings
  9. Repeat the steps above for the second device on the other site
  10. Check the logs for Site-wide > Monitor > Firewall > Event Logs (Choose Category VPN)

It can take up to 10 minutes to establish the VPN tunnel.


You can check the connection state of the VPN tunnel via VPN Security gateway > Monitor > VPN connections (tunnel has been established when the remote site shows connected status):

 

Note: If the two Nebula sites you want to pair are not within the same organization, then you will have to treat them as if they were respectively connecting to sites which are not embedded into Nebula - for more information, check this article:
Building up a Site-to-Site VPN in Nebula to a Non-Nebula-Peer

Articles in this section

Was this article helpful?
0 out of 3 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.