This guide is about the Nebula Security Gateway (NSG) / ATP / USG FLEX feature to build IPSec VPN tunnels between the two devices.
This tutorial will show an example configuration of an IPSec VPN Tunnel between two NSG100 devices on two sites under one organization.
This Works as well for USG FLEX and ATP.
Step-by-Step guide:
- Log in to nebula.zyxel.com with your account
- Select the organization and site where you want to create the VPN tunnel for the first device
- Go to the submenu Site-wide > Configure > Firewall > Site-to-site VPN
- Check the WAN interface you want to use for the VPN tunnel (Outgoing interface)
- Choose the LAN Network, which you want to use for your VPN tunnel (Local networks)
- Choose Site-to-Site under Nebula VPN Topology
- If both sites have different public IP addresses, you need to add the IP address of the own NSG under NAT traversal
- Save your settings
- Repeat the steps above for the second device on the other site
- Check the logs for Site-wide > Monitor > Firewall > Event Logs (Choose Category VPN)
It can take up to 10 minutes to establish the VPN tunnel.
You can check the connection state of the VPN tunnel via VPN Security gateway > Monitor > VPN connections (tunnel has been established when the remote site shows connected status):
Note: If the two Nebula sites you want to pair are not within the same organization, then you will have to treat them as if they were respectively connecting to sites which are not embedded into Nebula - for more information, check this article:
Building up a Site-to-Site VPN in Nebula to a Non-Nebula-Peer
Comments
0 commentsPlease sign in to leave a comment.