zero touch vpn

will zero touch vpn work when the customers have dynamic wan ips?

Comments

  • Nebula_IreneNebula_Irene Zyxel Official Agent Posts: 140  mod
    @FrankIversen
    What is your VPN scenario, Nebula-to-Nebula or Nebula-to-NonNebula?

  • Nebula_IreneNebula_Irene Zyxel Official Agent Posts: 140  mod

    If your NSG is not behind the NAT, Site-to-Site VPN with dynamic peer is supported by NSG for Nebula-to-Nebula VPN topology now. When NSG public IP is changed, VPN tunnel will disconnected and re-connected automatically. (Because if your NSG is behind the NAT, you need to set NAT-traversal on NCC.)


    For Nebula-to-nonNebula VPN topology, if your nonNebula device is set up with a static IP and you can set it as Server Role, and Nebula device which is not behind the NAT run with DHCP, then when NSG public IP is changed, VPN tunnel will also disconnected and re-connected automatically.




  • FrankIversenFrankIversen Member Posts: 83  Ally Member
    nebua-to-nebula, not behind nat. (the nsg will be the first firewall).
    Thanks.
  • Nebula_IreneNebula_Irene Zyxel Official Agent Posts: 140  mod
    edited September 26, 2017 3:46PM
    @FrankIversen
    You are running on zero touch VPN. ;)
    Once NSG public IP is changed, VPN tunnel will disconnected and re-connected automatically.

Sign In to comment.