Site-to-Site VPN between ATP without Pro license
I cannot turn "Nebula VPN enable" on as I get an error stating that there is no area leader. I can't manage any area leaders as the option is for Pro Pack only...
How can I create a site to site VPN in this case?
Accepted Solution
-
Hi @TAPTech
The reason for the error message “There were errors in saving this configuration 。It must have a Area Leader” is that you enabled Area communication on the VPN Orchestrator. You can disable Area communication to avoid this situation.
I set up a lab test with three sites (site1: USGFlex200, site2: USGFlex100_AAA, site3: USGFlex100_BBB), as Organization-wide > Configure > VPN Orchestrator showed below:
STEP1. Change site1's VPN Area to a customized area profile called "Zyxel_Area".
STEP2. Go to site2's site-to-site VPN settings, disable "Nebula VPN enable", then save it.
STEP3. The error message “There were errors in saving this configuration。It must have a Area Leader” pops up.
STEP4. Go to Organization-wide > Configure > VPN Orchestrator and disable Area communication.
STEP5. Go to site2's site-to-site VPN settings and disable "Nebula VPN enable"; it can then be saved successfully.
All Replies
-
Hello @TAPTech
Could you enable Zyxel support for us (as below) and then tell us your org and site name via private message?
"I cannot turn "Nebula VPN enable" on as I get an error stating that there is no area leader. I can't manage any area leaders as the option is for Pro Pack only... How can I create a site to site VPN in this case?"
May I know whether the peer site is in Nebula mode or in on-premise mode? Please share the VPN topology with us as well. Thanks.
-
As I went to take screenshots for you, I figured out the problem!
When the VPN Topology feature was in Beta, I had created a VPN area. I have a third site which does not need VPN connectivity, and so I had forgotten about it. When I went into the VPN settings of that third site, even though it was disabled, it had the VPN area that I had created selected, instead of "default". Once I changed that back to "default", things started working properly.
I think this might be a bug.
-
Hi @TAPTech
Could you enable Zyxel support and then tell us your org and site name via private message? We would like to check that situation. I will send a private message to you. Thanks.
-
Hi @TAPTech
"When the VPN Topology feature was in Beta, I had created a VPN area. I have a third site which does not need VPN connectivity, and so I had forgotten about it. When I went into the VPN settings of that third site, even though it was disabled, it had the VPN area that I had created selected, instead of "default". Once I changed that back to "default", things started working properly."
I quoted your previous message. Could you share screenshots of how you reproduce this symptom and how you resolve it? We wonder whether it is a bug or not. Many thanks.
-
Hi @TAPTech
Thanks for providing the screenshots to us via private message. The reason why you cannot remove the VPN area profile is that Smart VPN is a Nebula Pro pack license service, so you can add/modify/remove the VPN area profile while the Nebula Pro pack service is active. If you downgrade to the Nebula Plus pack, you no longer have the capability to delete the VPN area profile; this is our current behavior. Once you upgrade to the Pro pack, you can edit it again.
Besides, I tried to set up a lab test at Zyxel HQ but I cannot reproduce it. So, could you record a screen video on your PC to show us how you reproduce this symptom (the error message "There were errors in saving this configuration. It must have an Area Leader" popping up) on the Nebula Control Center? Thanks for your help in advance.