Site-to-Site VPN between ATP without Pro license

TAPTech
TAPTech Posts: 165  Master Member
I've tried this a few times and cannot figure it out.  The VPN connection does not establish if I use the "non nebula" option.

I cannot turn "Nebula VPN enable" on as I get an error stating that there is no area leader.  I can't manage any area leaders as the option is for Pro Pack only...

How can I create a site to site VPN in this case?

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    Answer ✓

    Hi @TAPTech

    The reason for the error message “There were errors in saving this configuration. It must have a Area Leader” is that you have Area communication enabled on the VPN Orchestrator; you could disable Area communication to avoid this situation.

    I set up a lab test with three sites (site1: USGFlex200, site2: USGFlex100_AAA, site3: USGFlex100_BBB), as shown below in Organization-wide > Configure > VPN Orchestrator:

    STEP1. Change site1's VPN Area to a customized area profile called "Zyxel_Area".

    STEP2. Go to site2's site-to-site VPN settings and disable "Nebula VPN enable", then save it.

    STEP3. The error message “There were errors in saving this configuration. It must have a Area Leader” pops up.

    STEP4. Go to Organization-wide > Configure > VPN Orchestrator and disable Area communication.

    STEP5. Go to site2's site-to-site VPN settings and disable "Nebula VPN enable"; it can then be saved successfully.


All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    edited December 2022
    Hello @TAPTech

    Could you enable Zyxel support for us (as below) and then tell us your org and site name via private message?

    > I cannot turn "Nebula VPN enable" on as I get an error stating that there is no area leader.  I can't manage any area leaders as the option is for Pro Pack only...

    Could you share the screenshot of the error message with us?

    > How can I create a site to site VPN in this case?

    May I know whether the peer site is in Nebula mode or in on-premise mode? Please share the VPN topology with us as well. Thanks.


  • TAPTech
    TAPTech Posts: 165  Master Member
    As I went to take screenshots for you, I figured out the problem!
    When the VPN Topology feature was in Beta, I had created a VPN area.  I have a third site which does not need VPN connectivity, and so I had forgotten about it.  When I went into the VPN settings of that third site, even though it was disabled, it had the VPN area that I had created selected, instead of "default".  Once I changed that back to "default", things started working properly.

    I think this might be a bug.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    Could you enable Zyxel support and then tell us your org and site name via private message? We would like to check that situation. I will send a private message to you. Thanks.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    "When the VPN Topology feature was in Beta, I had created a VPN area.  I have a third site which does not need VPN connectivity, and so I had forgotten about it.  When I went into the VPN settings of that third site, even though it was disabled, it had the VPN area that I had created selected, instead of "default".  Once I changed that back to "default", things started working properly."

    I quoted your previous message. Could you share screenshots of how you reproduce this symptom and how you resolve it? We wonder whether it is a bug or not. Many thanks.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,066  Zyxel Employee
    Thanks for providing the screenshots to us via private message. The reason you cannot remove the VPN area profile is that Smart VPN is a Nebula Pro pack license service, so you can add/modify/remove the VPN area profile while on the Nebula Pro pack service. If you downgrade to the Nebula Plus pack, you no longer have the capability to delete the VPN area profile; this is our current behavior. Once you upgrade to the Pro pack, you can edit it again.

    Besides, I tried to set up a lab test at Zyxel HQ but I cannot reproduce it. So, could you record a screen video on your PC to show us how you reproduce this symptom (the error message "There were errors in saving this configuration. It must have an Area Leader" popping up) on the Nebula Control Center? Thanks for your help in advance.
