Site To Site Issue
hello,
since month already i'm try to build up a Site To Site VPN under Nebula without success.
Site A
Device NSG100
Static IP WAN1
Static IP WAN2
Subnet 10.0.73.0/24
Site B
Device USG FLEX 50W
Static IP WAN1
Static IP WAN2
Subnet 10.0.74.0/24
Subnet 10.0.75.0/24
The strange is that i have "connected" only from Site B to A and "Disconnected" Site A to B
About setting i've follow very carefully the instruction without success.
I've try the "NAT trasversal" even if i have static IP but the result it's always the same.
i've also try the "Hub and spoke" but i still have the same ""connected" only from Site B to A and "Disconnected" Site A to B
If i'm going to check the log,
- i see that some times the Site A try to estabilish a VPN connection with Souce IP WAN1 of Site A and Destination IP WAN2 of Site A that for me look very strange
- i found on Site A every about 2 minuts the following "src/transapi/transapi.c: execute site-to-site-vpn callback function fail to exit" and "Execute zysh cli policy delete profilename SECE5D09015_10 error. errmsg is The index of Policy Route rule is out of range."
I hope that this community will give some advice
Thanks
Accepted Solution
-
Hi @videoled,
To clarify this problem, I will send you a private message to get the org/site name. Also, please help to enable Zyxel support privilege so I can investigate this problem.
Please go to Help (identified by a question mark icon at the upper right corner of Nebula portal) > Support Request > Zyxel support Access to enable and save.
Zyxel Melen0
Zyxel Employee
All Replies
-
Hi @videoled,
To clarify this problem, I will send you a private message to get the org/site name. Also, please help to enable Zyxel support privilege so I can investigate this problem.
Please go to Help (identified by a question mark icon at the upper right corner of Nebula portal) > Support Request > Zyxel support Access to enable and save.
Zyxel Melen0 -
Thanks, access enabled,........
0 -
Hi @videoled,
Thanks for the privilege. This problem is due to bad configuration which occurred before. Please remove the NSG from the site and add it back. This allows for erasing the bad configuration.
Steps to remove the NSG from the site and add it back:
- Please navigate to Menu > License & Inventory > Device tab.
- Select the NSG and click the Actions button > click change site assignment.
- Select "Remove select device(s) from their current site." and save.
- Follow step 2 and 3 to add it back to the original site.
P.S. Removing NSG from the site will erase the running configuration and adding it back will push the latest configuration.
Zyxel Melen0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 75 Security Highlight
