NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

zarg's avatar
zarg
Aspirant
Oct 27, 2015

SRX5308 tunnel freeze

Hi,

I am using two SRX5308 for few years now with 16 IPV4 IPSEC tunnels each. I am running 4.3.3-6 firmware. For some weeks now, I can see kind of "freeze" of the tunnels. The SRX5308 does not mount them without any reasons. I did not modify anything in my configuration. The only solution I found is to reboot the SRX5308 which is not a good solution.

 

I am not using IPV6 and DHCP. When tunnels are stucks, the network and internet are still working as they should. I did not see anything special in the log and VPN logs. 

 

Does anybody has an idea ? 

 

Thank you

 

Troubleshooting

4 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Oct 28, 2015

    Hi zarg,

     

    Let us isolate the problem.  Kindly answer the questions below:

     

    a. Are both SRX5308 using firmware v4.3.3-6? 

    b. Was the tunnel working fine before the firmware has been upgraded to v4.3.3-6?

    c. Is there an Inbound/Outbound "Any" rule configured in the Firewall rules?

    d. Have you asked the ISP on both sites if there are any changes on their ends?

     

    I look forward to your response.  Welcome to the community! :smileyhappy:

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • zarg's avatar
      zarg
      Aspirant
      Oct 28, 2015

      Hi DaneA,

       

      a) Yes both SRX5308 use 4.4.4-6

      b) Yes

      c) No rules

      d) As far as I know nothing has changed

       

      Since one week now I had only one problem on one of my SRX5308. Weeks before we had to reboot it twice per day...

      • DaneA's avatar
        DaneA
        NETGEAR Employee Retired
        Oct 28, 2015

        Hi zarg,

         

        zarg wrote:

         

        Since one week now I had only one problem on one of my SRX5308. Weeks before we had to reboot it twice per day...

        So the problem is just on one of the SRX5308.  After the firmware was upgraded to v4.3.3-6, did you perform a factory reset on the SRX5308 then reconfigure it from scratch?  It is because its recommended to reset the unit to factory default settings after a successful firmware upgrade.  

         

        Are both SRX5308 acts as the main router on both sites?  The Public WAN IP address should be registered on the firewall itself as this is recommended for VPN.  You may perform a continuous ping test via the VPN tunnel on both sites as well then observed.

         

         

        Regards,

         

        DaneA

        NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More