[NEBULA] NSG Site-to-Site VPN port forwarding

StefanoStefano Member Posts: 2  Freshman Member
edited June 2, 2020 4:38PM in Nebula Security Gateway
Hi everyone!
I'm newbie to Nebula, I have to create a site-to-site VPN between two NSG100, I think I've done all the right settings, but which ports I've to forward from my ISP modem to NSG100 to make the VPN work?

Thanks in advance and sorry for my beginner's question! :)

Comments

  • Nebula_ChrisNebula_Chris Zyxel Official Agent Posts: 300  mod
    Hello @Stefano
    Welcome to the community!
    You will need to forward UDP 4500 and 500.
    Besides, may I know if your NSG are using the private IP, if so you will also need to configure your public IP in NAT traversal. 
    For instance, if your NSG at site A using the private IP then you will need to set the modem public IP in NAT traversal at Gateway>Site-to-Site VPN>NAT traversal.



    Chris
    Stefanonewtype
  • StefanoStefano Member Posts: 2  Freshman Member
    Hi!
    Thank you for your help, now all work perfectly! :)
    Nebula_Chris
  • Hello,

    I am experiencing the same problem, although I have enabled port forwarding 4500/500 on my ISP modem/router.

    The VPN doesn't come up at all. Event logs shows this :

    2019-08-01 15:47:21vpn192.168.253.50192.168.254.102 Send:[SA][VID][VID][VID][VID][VID][VID][VID][VID][VID][VID]

    2019-08-01 15:47:21vpn192.168.253.50192.168.254.102 Send Main Mode request to [192.168.254.102]

    2019-08-01 15:47:21vpn192.168.253.50192.168.254.102 Tunnel [SE4186BF70B67] Sending IKE request

    2019-08-01 15:47:21vpn192.168.253.50192.168.254.102 The cookie pair is : 0x3bf988f1ba80c344 / 0x0000000000000000 [count=3]

  • iversivers Member Posts: 36  Freshman Member

    Hi @Papa_DIOP

    Did you configure NAT-Traversal as like what they said ? ( Both sites need to configure it's uplink public IP) And have you seen the receive log, since there is only the send log you pasted.



    Papa_DIOP
  • Nebula_ChrisNebula_Chris Zyxel Official Agent Posts: 300  mod

    Hello @Papa_DIOP

    Do you resolve this issue? Feel free to let me know if the problem persist.


    /Chris

    Chris
    Papa_DIOP
  • Herewith what's configured... On both sides.


  • Herewith Event logs... On both sides.


  • Nebula_ChrisNebula_Chris Zyxel Official Agent Posts: 300  mod

    Hello @Papa_DIOP

    According to the logs it looks like both sites doesn't receive the peer site request packet.

    Can you confirm if the modem/router also support VPN? If so please just turn it off, it will take over VPN traffic instead of forward it.

    I'll also private message you for the next move if the issue persist, please check the Inbox.🙂


    /Chris

    Chris
    Papa_DIOP
Sign In to comment.