[NEBULA] How to establish Site to Site IPSec VPN between Nebula Devices (NSGs) ?

Nebula_CSONebula_CSO Zyxel Official Agent Posts: 138  mod
edited June 3, 2020 2:49PM in Configurations
Prerequisite:
LAN (Private subnet) Networks cannot overlap between each site

Scenario 1 : Setup site to site VPN between Nebula devices (eg: NSG100) under the same organization
8b3li6gj78ax.png

Configure Site to Site IPSec VPN on NSG100-A in Test_Hsinchu
1. Gateway > Configure > Site-to-Site VPN
9vlmqrlrn2fo.png

2. Gateway > Configure > Site-to-Site VPN > Topology > Select Site-to-Site VPN
3. Gateway > Configure > Site-to-Site VPN > Local networks > Toggle on LAN1 and save configuration
1vu6ncqpyyfl.png

Configure Site to Site IPSec VPN on NSG100-B in Taipei Office
4. Gateway > Configure > Site-to-Site VPN
l65awo44mxp5.png

5. Gateway > Configure > Site-to-Site VPN > Topology > Select Site-to-Site VPN
6. Gateway > Configure > Site-to-Site VPN > Local networks > Toggle on LAN1 and save configuration
4q3zxkxj1pa0.png

7. Result of VPN IPsec Connection between Nebula Devices (eg: NSG100) under same organization
  • VPN Site to Site Connect will take 5 minutes to take effect after correct configuration
  • Gateway > Monitor > VPN connection in Test_Hsinchu Site
yf4jzt4250mw.png
  • Gateway > Monitor > VPN connection Taipei Office Site
wegyaxz590ft.png

Scenario 2 : Setup site to site VPN between Nebula devices (eg: NSG100) under the different organizations
spbchjr833oo.png

Configure Site to Site IPSec VPN on NSG100-A in Hsinchu_Headquarter Site
1. Gateway > Configure > Site-to-Site VPN
78wcop68se0g.png

2. Gateway > Configure > Site-to-Site VPN > Topology > Select Site-to-Site VPN
3. Gateway > Configure > Site-to-Site VPN > Local networks > Toggle on subnet that you created (eg: VLAN3)
4. Gateway > Configure > Site-to-Site VPN >Non-Nebula VPN Peers > +Add
5. Enter information with name, public IP, private subnet (LAN) and Preshared secret to NSG100-B that you would like to create the VPN connection , and save configuration
4zehzg219tlz.png


Configure Site to Site IPSec VPN on NSG100-B in Irene Site
6.Go to Gateway > Configure > Site-to-Site VPN
kl40f0fys4h2.png

7. Gateway > Configure > Site-to-Site VPN > Topology > Select Site-to-Site VPN
8. Gateway > Configure > Site-to-Site VPN > Local networks > Toggle on subnet that you created (eg: VLAN4)
9. Gateway > Configure > Site-to-Site VPN >Non-Nebula VPN Peers > +Add
10. Enter information with name, public IP, private subnet (LAN) and Preshared secret to NSG100-A that you would like to create the VPN connection, and save configuration
f9i3f0fr5o2b.png


11. Result of VPN IPsec Connection between Nebula Devices (eg: NSG100) under different organizations
  • VPN Site to Site Connect will take 5 minutes to take effect after correct configuration
  • Gateway > Monitor > VPN connection in Hsinchu_Headquarter Site
zd7xh80oh0uk.png
  • Gateway > Monitor > VPN connection in Irene Site
vivahh2ddsdm.png
Sign In to comment.