This might have already been asked, but I found 2 threads that didn't solve the issue. We have a cluster running R80.40. I went through the full setup; we are already using Identity Awareness, so the AD Account Unit is already built. I built out a new LDAP group, named it RemoteVPNUsers, and under "Only Sub Tree" placed CN=<group name>,OU=<Group>,DC=etc etc. When I try to connect Remote VPN I get an error saying "Negotiation with site failed". I created a local user group and made a test user. I was able to connect Remote VPN with the local group with no issues. The LDAP group is failing.
I have a TAC case (3049803) open and unfortunately the engineer has tried multiple things and we couldn't solve this issue... it's getting frustrating. We have captured logs from vpnd.log and trac.log, and what he has come up with is that the user is not defined in the LDAP group, but it is. We verified the user belongs to that group via "adlog".
Any more suggestions... should I use "Only group in branch"? Then how do I define the path in the 2 fields? Thanks.