SRX5308 VPN some client PCs lose internet after some time, others stay alive consistently

Glass-Man
Aspirant

I have an SRX5308 that is connected to a number of servers (web, ftp, etc). The servers are all working fine and are being successfully accessed from the Internet by our customers. The SRX5308 is handling the translation and routing from external IP addresses to specific servers, and it works great.

Next, I wanted to set up VPN so that our company personnel can map drives to some of those server machines.

I followed instructions in the user's guide, and from this site, that guided me through using the "VPN Wizard" to set up a "Client-to-Box" configuration. That action added an IKE Policy and a VPN Policy to the SRX5308 (which I assume is what it was supposed to do).

I also went to VPN > L2TP Server, and I selected "enable", and I specified a starting IP address and ending IP address that were safely outside my LAN subnet and DHCP subnet.

And I also went to the Users page in the SRX5308, and I added an L2TP user for each of the employees that I wanted to grant access to the VPN.

Two employee machines work correctly and can utilize the VPN without significant issue. However, one is having an odd problem. The computer works for about 2-3 minutes before browsing fails. Once that happens, they cannot browse to any more websites from their desktop PC, and they cannot access any drives mapped to the servers anymore, as if the VPN has disconnected them.

When I look at the SRX5308, I can see under VPN > Connection Status > IPSec VPN Connection Status that the user is still seemingly connected. If I also go to VPN > Connection Status > L2TP Active Users, I can see the trouble VPN user still connected, despite the fact that their connection does not work. That employee's computer seems stuck until they click on "Disconnect" from the Windows network icon to disconnect from the VPN.

All our computers start out configured identically, and while there may be differences that cause them to drift from their official configuration over time, I can't seem to find any reason why this one computer refuses to stay functioning properly when connected to the VPN.

Does anybody have any ideas? I'm fairly new to setting up VPN, so I apologize if I'm posting a simplistic question.

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 4
JohnC_V
NETGEAR Moderator

Re: SRX5308 VPN some client PCs lose internet after some time, others stay alive consistently

Hi Glass-Man,

Welcome to our community!

As per checking in here that you successfully configured and connected the PCs to VPN. It means that everything works fine until one of the connections stopped working and it seems to affect all the network connections. Have you tried first upgrading the firewall to its latest firmware version? You may reset it to factory default afterwards. Then configure the VPN without any inbound rules applied. Please also check if you do have some inbound rules that affect the entire VPN connection.

Regards,

Message 2 of 4
JohnC_V
NETGEAR Moderator

Re: SRX5308 VPN some client PCs lose internet after some time, others stay alive consistently

@Glass-Man,

I would like to have a follow up on this thread. Please let us know if everything works ok now or you still need further assistance.

Regards,

Message 3 of 4
Glass-Man
Aspirant

Re: SRX5308 VPN some client PCs lose internet after some time, others stay alive consistently

Unfortunately, no, the problem still persists. In the interim, I have tried using a 30-day trial copy of the Netgear VPN Client to see if that made any difference, but it did not.

But as if one problem isn't enough, I have also found that passing all internet traffic through the VPN, as the default settings do, is not practical because it impacts performance at the client side too negatively. So I am currently reading up on how to set up the clients with split tunneling. I am also going back to using the Windows VPN client. I changed the VPN connection so that it no longer tries to use the default gateway, and that does indeed allow internet traffic to continue using the client's ISP, however, it seems to have prevented access to LAN resources on the VPN. I suspect this is because there is no defined route, so I am reading up on how to update the routing table on the client machine so that I can have split tunneling, and still access company LAN resources over the VPN.

Message 4 of 4
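
An added example, not part of the original posts: one way to set up the split tunnel described in the last message with the built-in Windows VPN client, routing only the company LAN through the tunnel and then checking which interface each kind of traffic would use. The connection name, LAN prefix and server address are placeholders, since the thread does not give them.

```powershell
# Added example. The values below are placeholders: the thread gives
# neither the Windows VPN entry's name nor the office LAN subnet.
$ConnectionName = 'Company VPN'       # placeholder: name of the VPN entry
$LanPrefix      = '192.168.1.0/24'    # placeholder: LAN behind the SRX5308
$LanHost        = '192.168.1.10'      # placeholder: a server on that LAN
$PublicProbe    = '203.0.113.1'       # documentation address, lookup only

# Current user's VPN entry; add -AllUserConnection if it was created for all users.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# Split tunneling on = the tunnel is no longer the default gateway.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Attach the LAN route to the VPN entry so Windows installs it each time
# the VPN connects. Skip the call if the prefix is already attached.
$existing = @($vpn.Routes | Where-Object { $_ } | ForEach-Object { $_.DestinationPrefix })
if ($existing -notcontains $LanPrefix) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $LanPrefix
}

# Once connected, ask the routing table which interface each destination
# would leave through. Find-NetRoute sends no traffic.
$vpn = Get-VpnConnection -Name $ConnectionName
if ($vpn.ConnectionStatus -eq 'Connected') {
    $lanIf = (Find-NetRoute -RemoteIPAddress $LanHost | Select-Object -First 1).InterfaceAlias
    $netIf = (Find-NetRoute -RemoteIPAddress $PublicProbe | Select-Object -First 1).InterfaceAlias
    [pscustomobject]@{
        SplitTunneling = $vpn.SplitTunneling
        VpnRoutes      = ($vpn.Routes.DestinationPrefix -join ', ')
        LanTrafficVia  = $lanIf     # expected: the VPN interface
        InternetVia    = $netIf     # expected: the local Wi-Fi/Ethernet adapter
    }
} else {
    Write-Warning "Connect '$ConnectionName', then run this again to check the routes."
}
```

Run it once with the VPN disconnected, connect, then run it again to see the route check. With split tunneling on, internet traffic from the client no longer passes through the SRX5308, so only the listed prefix is subject to the firewall's rules.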