[NEBULA] What is the difference between All sites and This Site for Availability configuration?

Zyxel_Irene

When user want to establish VPN tunnel between Non-Nebula and Nebula device, they have to go to Configure > Security gateway > Site-to-Site VPN to create Non-Nebula VPN peers on NCC.



Then you will see Availability option there, and in dropdown list, there are All sites and This site you can select.

What is the difference between All sites and This site for Availability configuration?

• All sites: It means the client under VPN topology can reach others who connect with remote side. We take an example below,
  

Client A can reach to all sites enabled VPN under org. Zyxel through VPN tunnels, e.g., Client A can ping Client 01 and 02, and the traffic flow will be,

If the destination is Client 01

1. Traffic from Client A will be transmitted to Site 01 first  through VPN tunnel between Non-Nebula and Site 01.
2. Then it will be passed to Client 01 by Site 01 NSG.
   
   

If the destination is Client 02

1. Traffic from Client A will be transmitted to Site 01 first  through VPN tunnel between Non-Nebula and Site 01.
2. Then it will be transferred by Site 01 NSG to Site 02 NSG to reach Client 02. (There is no direct VPN tunnel between Non-Nebula and Site 02.)
   
   

• This Site: It means the client under local site can reach clients under remote site only. We also take an example below,

Client A can reach to Client 01 under org. Zyxel through VPN tunnels, e.g., Client A can ping Client 01 only, and the traffic flow will be,

If the destination is Client 01

1. Traffic from Client A will be transmitted to Site 01 first  through VPN tunnel between Non-Nebula and Site 01.
2. Then it will be passed to Client 01 by Site 01 NSG.
   
   

If the destination is Client 02

1. The destination is unreachable.
   
   

Accord your VPN scenario / topology  to configure Availability on NCC.