SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  VPN Connecting but no internet access

    Posted 03-26-2015 05:59

    I have an SRX240b and the VPN seems to be working... well, I can access RDP through the connection and ping certain servers (that have been allowed) that are all on that site. But when I try to access the internet it times out, but I still stay connected to the VPN and cannot ping 8.8.8.8. tracert gives the IP address but no hops.

     

    If anyone has any knowledge of this or of any steps to take to figure out what's happening, it would be epic.

     

     



  • 2.  RE: VPN Connecting but no internet access

     
    Posted 03-26-2015 06:04

    Hi,

     

    Are we talking about dynamic VPN or Site-to-site VPN? Can you share the configuration and source address from where you are testing?



  • 3.  RE: VPN Connecting but no internet access

    Posted 03-26-2015 08:41

    Hi Thanks for the response, this is a Dynamic_VPN. 



  • 4.  RE: VPN Connecting but no internet access
    Best Answer

     
    Posted 03-26-2015 08:56

    Can you share the config? Are you using the remote protected resource as 0.0.0.0/0? If so, can you change it to a more specific subnet?

    Also, is the SRX your internet gateway?

     



  • 5.  RE: VPN Connecting but no internet access

    Posted 03-26-2015 09:09

     

    Are you wanting certain parts of the config, as I'm unsure how safe it will be to post the whole thing online!!!

     

    Yes SRX is my gateway



  • 6.  RE: VPN Connecting but no internet access

     
    Posted 03-26-2015 09:30
    Can you share show security dynamic-vpn config? And Source nat rules


  • 7.  RE: VPN Connecting but no internet access

    Posted 03-26-2015 11:42

    I'm suspecting a possible problem.
    It depends on whether you use "split tunnel" or not.

    • If you are willing to do split tunnel, then specify only your internal subnet for protected resources and add "remote-exceptions 0.0.0.0/0".
      That way only the internal subnet will get into the VPN; other traffic will be bypassed.

    • If all your traffic is going to the VPN and you wanna U-turn your traffic back to the internet via the SRX, then you need an additional source NAT from zone untrust to untrust, and an additional untrust-to-untrust policy:
    policy vpn-U-turn {
       match {
           source-address n-dynvpn-subnet-X;
           destination-address any;
           application any;
       }
       then {
           permit {
               tunnel {
                   ipsec-vpn dyn-vpn;
               }
           }
       }
    }
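The two options from reply 7, written out as Junos configuration. This is an added example, not configuration from the thread or from the poster's device: the client group name `all`, the internal subnet 192.168.1.0/24, the client address pool 10.10.10.0/24 and the rule-set and rule names are assumed values; `dyn-vpn` is the IPsec VPN name used in the policy above.

```junos
/* Option 1: split tunnel. Only the internal subnet is sent through the VPN. */
/* 192.168.1.0/24 and the client group "all" are assumed values. */
security {
    dynamic-vpn {
        clients {
            all {
                remote-protected-resources {
                    192.168.1.0/24;
                }
                remote-exceptions {
                    0.0.0.0/0;
                }
                ipsec-vpn dyn-vpn;
            }
        }
    }
}

/* Option 2: full tunnel with U-turn. Client traffic arrives from zone */
/* untrust and leaves to zone untrust, so it needs its own source NAT */
/* rule-set in addition to the untrust-to-untrust policy. */
/* 10.10.10.0/24 is the assumed address pool handed to VPN clients. */
security {
    nat {
        source {
            rule-set dynvpn-u-turn {
                from zone untrust;
                to zone untrust;
                rule dynvpn-to-internet {
                    match {
                        source-address 10.10.10.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
}
```

With option 1 the client's internet traffic leaves through its local connection and is neither inspected nor logged by the SRX; with option 2 it passes through the SRX policies and NAT, at the cost of carrying all of it over the tunnel.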