Reply

Re: VPN between two SRX5308 acts strange

diggyz
Aspirant

VPN between two SRX5308 acts strange

Im having a problem connecting two SRX5308 over ipsec. The connection is up and everything seems to work fine. I can ping from both sites and even connect via ip-adress.

If i use hostnames i crawls and gets really really slow. Sometimes it works and sometimes it doenst. Nslookup works perfect and its quick.

Got me thinking about if it can has something todo with MTU?

 

Also authentication to the windows domain controller takes forever (10-15min) for the person on the other end trying to auth to over VPN.

What have I missed?

Model: SRX5308|PROSAFE Gigabit Quad WAN SSL & IPSEC VPN Firewall
Message 1 of 6
DaneA
NETGEAR Moderator

Re: VPN between two SRX5308 acts strange

Hi @diggyz,

 

Welcome to the community! 🙂 

 

Kindly check if the Enable NetBIOS is checked on both SRX5308.  On the web-GUI of the SRX5308, go to VPN > IPSec VPN > VPN Policies then select the corresponding VPN Policy and click Edit.  If ever the Enable NetBIOS is already checked, kindly uncheck it then click Apply, then, check it again and click Apply to refresh it.  Kindly read pages 268-270 of the SRX5308 reference manual here about NetBIOS Bridging with IPSec VPN. 

 

About MTU sizes, refer to the table below: 

 

 

You may want to try changing the MTU size to 1492 and see if it helps. 

 

What is the current firmware version of both SRX5308? 

 

 

Regards,

 

DaneA
NETEGAR Community Team

Message 2 of 6
diggyz
Aspirant

Re: VPN between two SRX5308 acts strange

Netbios are checked on both.

Hostnames works but after some seconds i just gets stuck and nothing happens. Seems like no packets going trough. And when the other end are trying to connection to the windows AD it takes 10-15min before their computer gets logged on. Nslookup of hostnames works fine.

 

Firmware is  4.3.3-6 and 4.3.5-3... was both 4.3.3-6 before.

 

We are also using another ipsec tunnel to another network (dont know what model of router they got) which is set up excatly the same at our end that works just fine. Both IP and hostnames.

Message 3 of 6
DaneA
NETGEAR Moderator

Re: VPN between two SRX5308 acts strange

@diggyz,

 

Just want to verify, you mentioned that you have a windows domain controller.  Does both sites have a windows domain controller?  If yes, can you try to use the LAN IP of SRX5308 on both sites to be the DNS and check if it helps. 

 

Also, it would be best if the SRX5308 on both sites will be on the latest firmware v4.3.5-3.  You can download the latest firmware v4.3.5-3 here.  Be reminded to perform a factory reset on the SRX5308 after upgrading the firmware then, reconfigure the settings from scratch in order to start clean using the latest firmware version.

 

 

Regards,

 

DaneA
NETEGAR Community Team

Message 4 of 6
diggyz
Aspirant

Re: VPN between two SRX5308 acts strange

Only 1 sites has a domain controller. The other site are using the domain controller over VPN (or plans to do)

On the clients I have the SRX5308 as gateway and the domain controller as DNS server.

Message 5 of 6
DaneA
NETGEAR Moderator

Re: VPN between two SRX5308 acts strange

@diggyz,

 

Were you able to try to use the LAN IP of SRX5308 on both sites to be set as the DNS of the devices and check if it helps? For example: if the LAN IP Address of the SRX5308 in Site A is 192.168.10.1, set 192.168.10.1 to be the DNS of the PCs within Site A and if the LAN IP Address of the SRX5308 in Site B is 10.10.1.1, set 10.10.1.1 to be the DNS of the PCs within Site B.

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 1106 views
  • 0 kudos
  • 2 in conversation
Announcements