Comments
-
I was able to get everything working by disabling the IP helper polices that were auto added
-
Anyone have issues resolving windows dns over the route based tunnel? I enabled net bios over the tunnel … I can ping my windows dns server from the remote site but it won’t resolve and dns.. yes I have the dhcp scope on the remote side pointed back the private IP of my servers at the main site…
-
My main site has primary and backup fiber WAN circuits. My remote sites that have dual WANs are typically fiber/cell or fiber/cable. The probes for the SD wan always pick the fiber naturally as that circuit should perform better. The only time it would go out of the cell/cable connection would be total packet loss on the…
-
I set the tunnels up last night with IKEV2, and made no change... I did upgrade the firmware of the 7th gen device to the latest version and it seems to fix the issue of the x3 interface dropping the tunnels... I toggled it on and off about 30 times last night... however, during the day today, the customer called with a…
-
Do you have a good KB to reference for IKEv2 setup for one site being static and one site being dynamic? 7th Gen at HQ and Soho's are on 5.9 at remote sites...
-
I looked through a million log entries but I didn't capture any,... I'll grab a few tonight when I simulate a fail-over I'll try flipping a site over to IKEv2 tonight and compare the results... it changing those IKEv2 fixes it, that would be fantastic...
-
I'll have to double-check the TZ, it might be one version behind now. The tunnels are all bound to the WAN zone and not a specific interface. The remote sites are using aggressive mode because other than HQ, all the remote sites have dynamic public addresses...
-
Are you using PKI, Digital Certificate Authentication before logging into windows?
-
I agree -- It was super simplistic to set up and train the users... I'm exploring the use of PKI and always-on VPN, but there isn't official documentation released for the 500V... I have to connect the tunnel before I log into windows because I use folder redirection and several other GPOs applied in Windows.. this for…
-
This is my current solution as well. I opened up a support ticket and received the following information: As per Engineering this functionality is dropped - Modernizing the driver to Tun dropped the support - This is by design as Device VPN is planned for a future update It may be advisable to rollback the firmware and the…
-
No- I opened a ticket with support and was told it was planned for a future release but with no ETA. I had to go into each client and backroll net extender to 10.2.309. Make sure you adjust the SMA and Netextender to disable auto-upgrade.