Sébastien  Freshman Member

Same issue here, my customers are complaining that they can not connect to their VPN anymore. It was the case before the latest update, so I tried this update as a mitigation but it does not work better after the update. I also tried to switch from the Default policy to another but nothing seems to work. We have…

Dear James, I have tried the command using a SSH connection to the router, and the answer is : % Get AD group VDC has failedretval = -24004ERROR: Display AAA group has failed. Where VDC is the name of my AD configuration in Nebula. What does this mean ? Thanks, Sébastien

Hi Emily, Thanks for your answer which is complete and accurate. Regards, Sébastien

Ok, thank you for your answer. I will switch to on-premise mode until the issue is fixed. Regards, Sébastien

Hello @Zyxel_James, I had no answer for a few days after my first post so for stability of my customer network I went on both sites that were problematic and changed the WAN configuration from PPPoE to static private IP address (and switched the PPPoE to the ISP router). The "PPPoE" bug has now disappeared but now I'm…

Hi Tobias, Yes I know that the situation is still but a power outage/surge can happen anywhen or an employee could power off or restart the appliance accidently. The customer is aware of the problem but it's not its job. Finally I don't know what you already did but now it works, I tried to upgrade all sites again with…

@lalaland Thank you for your reply. Packet tracing is now OK on the right interface shown by sdwan command. :)

Hi @Zyxel_Jason, Ok so for advanced configuration I need to add a "real" device with SN/MAC first. Thanks for your reply. Sébastien

Yes ! Thank you @jasailafan for the link that is exactly what I was looking for ! :-) Have a nice day ! Seb

Hi Vic, Very clear answers, thanks ! :) Regards, Sebastien

Hi Zyxel_Charlie, Sorry for the delay, time is going to fast ! And thank you for trying to resolve this case. My configuration seems correct, please have a look. NetBIOS broadcast works because I can capture the packets with Wireshark as you can see in the screen capture in my first post. And I get something very similar…

Why is there an option which is called "NetBIOS broadcast over SSL VPN tunnel" then ? The wireshark packet capture (see my first post) shows that I can get the destination IP so the broadcast works, am I wrong on that point ? I would understand if I got not response or an error but yes the name is well resolved. I've read…

@Zyxel_Charlie, I agree with you but this is just a workaround to this issue. I don't want to use fixed IPs to avoid conflicts and your solution impose me to do that. There are a lot of machines sharing the content over the LAN which should be reached by their respective name without the use of a DNS just as it works…

Hi Jeremylin, Thank you for your answer. This thread doesn't answer my question but yes it is the same exact problem but in my case it's about SSL VPN not IPSec. NetBIOS broadcast is enabled and the destination machine is well resolved (see the packets captured by wireshark). On premise I can reach the machine by its name…

Hi Emily, Thanks a lot for your answer. You're right, I get an answer when trying to reach the share : The big question now is why it works with the IP address and not with the computer name as it is resolved correctly. Maybe a Windows issue. Thanks again, Sébastien PS. : I configured this USG to have a similar topology to…