VPN between two SRX5308 acts strange
I'm having a problem connecting two SRX5308 over IPsec. The connection is up and everything seems to work fine. I can ping from both sites and even connect via IP address.
If I use hostnames it crawls and gets really, really slow. Sometimes it works and sometimes it doesn't. Nslookup works perfectly and it's quick.
Got me thinking about whether it can have something to do with MTU?
Also authentication to the Windows domain controller takes forever (10-15 min) for the person on the other end trying to auth over VPN.
What have I missed?
Re: VPN between two SRX5308 acts strange
Hi @diggyz,
Welcome to the community! 🙂
Kindly check if the Enable NetBIOS is checked on both SRX5308. On the web-GUI of the SRX5308, go to VPN > IPSec VPN > VPN Policies then select the corresponding VPN Policy and click Edit. If ever the Enable NetBIOS is already checked, kindly uncheck it then click Apply, then, check it again and click Apply to refresh it. Kindly read pages 268-270 of the SRX5308 reference manual here about NetBIOS Bridging with IPSec VPN.
About MTU sizes, refer to the table below:
You may want to try changing the MTU size to 1492 and see if it helps.
What is the current firmware version of both SRX5308?
Regards,
DaneA
NETGEAR Community Team
Re: VPN between two SRX5308 acts strange
NetBIOS is checked on both.
Hostnames work but after some seconds it just gets stuck and nothing happens. Seems like no packets are going through. And when the other end is trying to connect to the Windows AD it takes 10-15 min before their computer gets logged on. Nslookup of hostnames works fine.
Firmware is 4.3.3-6 and 4.3.5-3... both were 4.3.3-6 before.
We are also using another IPsec tunnel to another network (don't know what model of router they have) which is set up exactly the same at our end and works just fine. Both IP and hostnames.
Re: VPN between two SRX5308 acts strange
Just want to verify, you mentioned that you have a Windows domain controller. Do both sites have a Windows domain controller? If yes, can you try to use the LAN IP of SRX5308 on both sites to be the DNS and check if it helps?
Also, it would be best if the SRX5308 on both sites are on the latest firmware v4.3.5-3. You can download the latest firmware v4.3.5-3 here. Be reminded to perform a factory reset on the SRX5308 after upgrading the firmware, then reconfigure the settings from scratch in order to start clean using the latest firmware version.
Regards,
DaneA
NETGEAR Community Team
Re: VPN between two SRX5308 acts strange
Only 1 site has a domain controller. The other site is using the domain controller over VPN (or plans to).
On the clients I have the SRX5308 as gateway and the domain controller as DNS server.
Re: VPN between two SRX5308 acts strange
Were you able to try to use the LAN IP of SRX5308 on both sites to be set as the DNS of the devices and check if it helps? For example: if the LAN IP Address of the SRX5308 in Site A is 192.168.10.1, set 192.168.10.1 to be the DNS of the PCs within Site A and if the LAN IP Address of the SRX5308 in Site B is 10.10.1.1, set 10.10.1.1 to be the DNS of the PCs within Site B.
Regards,
DaneA
NETGEAR Community Team