Hi everyone,I bought recently a SRX5308 firewall. I want to achieve a Client to Gateway IPSec VPN with this device. I used the VPN Wizard to configure the Gateway and I installed the Netgear VPN Prosafe client on a Windows 7 computer. I can open the tunnel but I get two issues :* When the tunnel is open, I can't go on Internet (DNS fails)* I can't ping any host in the remote LAN, even the VPN gateway.I made some tests and I found that the client ping packets reach the LAN host I want to ping, the LAN host send its reply to gateway, but gateway doesn't arrive to send packets to the client.What should I do to solve my problem ?Thanks for your help.

IPsec tunnel will only uses local internet traffic for http etc IPsec tunnel will not resolves PC name via tunnel unless you use modeconfig with own DNS serverIPsec needs 2x public and 2x private with BOTH side different LAN subnet (ex, 192.168.50.x and 192.168.60.x)

IPsec tunnel will only uses local internet traffic for http etcThis means that client http requests cross the VPN tunnel ?IPsec tunnel will not resolves PC name via tunnel unless you use modeconfig with own DNS serverSo, I have to use modeconfig if I want to go on Internet while tunnel is open ?IPsec needs 2x public and 2x private with BOTH side different LAN subnet (ex, 192.168.50.x and 192.168.60.x) It's already done. I also created a static route between the gateway and the client.

Http will NOT use IPSec . Local where client is connected Only SSL-VPN in full tunnel

If HTTP doesn't use the IPSec tunnel, why I can't go on Internet when the tunnel is open?

No static route needed. Post screenshots of what you did.

IPSec VPN with SRX5308 | NETGEAR Communities

49 Replies

jmizoguchi
Virtuoso
May 30, 2013
Firewall on each destination pc is not responding

Third party firewall or MS firewall must trust opposite LAN subnet
franck_martin2
Aspirant
May 30, 2013
I disabled the MS firewall and I retried to ping the LAN host but the problem is not solved, I have the same issue : ping packets can't go from gateway to client.
franck_martin2
Aspirant
May 30, 2013
The LAN host is a Linux PC and it send a reply to the client. So the problem is between the gateway and the Windows 7 client. If the windows 7's firewall is not responsible of the packet loss, who is the troublemaker? A static route?
jmizoguchi
Virtuoso
May 30, 2013
What is LAN subnet for both side?
franck_martin2
Aspirant
May 30, 2013
The LAN subnet is the same for the remote LAN and for the client. The remote LAN mask is /25, like the tunnel interface of the client. The mask for the client physical ethernet interface is /24.
jmizoguchi
Virtuoso
May 30, 2013
Detail the IP
franck_martin2
Aspirant
May 30, 2013
LANs IP address is 192.168.x.x. I can't tell more.
jmizoguchi
Virtuoso
May 30, 2013
Private IP.

hiding is useless
franck_martin2
Aspirant
May 30, 2013
OK. How can I solve my problem? Can you give me some advices or test to do to help me?
adit
Mentor
May 30, 2013
You can play this game for the next 2 weeks and get no where. Like I said, there are no static routes needed, and post screenshots of the settings.

Forum Discussion

IPSec VPN with SRX5308

49 Replies

Related Content

Getting SRX5308 VPN IPSec to work with Android (when using DynDNS)

Bridge 2 Networks with SRX5308 Help

SRX5308 IPsec Mode Config - [IKE] ERROR: No configuration found for...

SRX5308 nicht nachvollziehbare Protokolleinträge

Netgear SRX5308 SSL - Aufruf im Browser nicht möglich

NETGEAR Academy

ProSupport for Business