NonSDWan Branch to SDWan Hub
Hi everyone, maybe it's just me ... but I can't understand the process of connecting an older branch firewall (for example a Zywall100 Plus) to a new, SDWan configured Hub...
I'm about to switch our 10-site hub-and-spoke VPN to sdwan, but cannot stop operations and cannot be everywhere to reconnect firewalls, so I was trying to:
Configure the main office new Zyxel VPN300 as an sdwan device
Configure non-sdwan to that vpn300 on the elder firewalls (a mix of 100plus, usg20-30 and vpn50)
> see traffic and people happily work
Gradually switch branches new firewalls to sdwan, one at a time
I've tried to set up a Configuration-Services-NonSDWan Gateway as a branch, specifying its router's IP (and flagging NAT); dialed in the necessary parameters and the remote's LAN address;
Then selected it in my organization's profile, assigning it to a corporate zone... (maybe I should have checked "branch to non-sdwan hubs" but I think it's the opposite of what I'm trying to accomplish)
Manually create a new phase1 and phase2 vpn setup following the configuration file inside the branch's firewall.
I could see on both firewalls IKE traffic (yes, ports are opened and NAT selected on both sides' routers) but "no proposal" or "wrong cookie pairs" errors and no communication.
Can somebody provide more advice on this setup?
Thank you very much!