Cannot establish outgoing IPsec connection from more than one internal client at a time

I am trying to connect several internal Windows clients to an external IPsec gateway. Only the first client can communicate with the destination internal VPN network. All additional clients can establish a connection but cannot communicate over the VPN. If I reboot the UTM and try to connect again, first with one of the problem clients, the connection will work correctly, but the original client can now no longer pass traffic over the VPN. I tested multiple clients from behind Fortinet, SonicWall, and Zyxel with no problems, so I don't think the problem is at the far end. I don't know if it's part of the problem, but I also have a site-to-site IPsec connection to a different network.

Any suggestions would be appreciated.

Thanks



  • Hi Jimmy,

    Greetings.

    You can monitor espdumps for the IP address of the Windows machine that is not able to communicate with the remote server over IPsec.

    You can refer to this link for monitoring IPsec traffic on the command line:

    https://www.sophos.com/en-us/support/knowledgebase/115702.aspx

    Initiate a ping from the Windows client that is not able to communicate, and check whether the ICMP packet is forwarded through the IPsec tunnel and whether the response is received. Also, flush the conntrack entries for the client machine's IP address. Command: conntrack -D -s x.x.x.x (client machine IP).


    Please contact us, if you have any further questions.

    Thanks

    Sachin Gurung

    Team Lead | Sophos Technical Support
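
A check to run before the conntrack flush suggested in the reply above, as an added example that is not part of the original thread or Sophos tooling: it reads `conntrack -L` style output and lists the IKE (UDP 500), NAT-T (UDP 4500) and ESP (IP protocol 50) entries held for one internal client. The function name `ipsec_flows`, the sample lines and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads conntrack -L style lines on stdin and prints
# "<kind> <destination>" for each IPsec-related entry whose original-direction
# source is the given client IP. Kinds: ike (UDP 500), nat-t (UDP 4500),
# esp (IP protocol 50, which has no ports in the conntrack tuple).
ipsec_flows() {
    awk -v ip="$1" '
    {
        proto = $2; src = ""; dst = ""; dport = ""
        # The first src=/dst=/dport= tokens belong to the original direction;
        # later ones describe the expected reply and are ignored.
        for (i = 3; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            else if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            else if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (src != ip) next
        kind = ""
        if (proto == 17 && dport == "500") kind = "ike"
        else if (proto == 17 && dport == "4500") kind = "nat-t"
        else if (proto == 50) kind = "esp"
        if (kind != "") print kind, dst
    }'
}

# Constructed sample in conntrack -L format (documentation address ranges).
SAMPLE='udp      17 172 src=192.168.10.21 dst=203.0.113.9 sport=500 dport=500 src=203.0.113.9 dst=198.51.100.4 sport=500 dport=500 [ASSURED] mark=0 use=1
udp      17 175 src=192.168.10.21 dst=203.0.113.9 sport=4500 dport=4500 src=203.0.113.9 dst=198.51.100.4 sport=4500 dport=4500 [ASSURED] mark=0 use=1
unknown  50 590 src=192.168.10.21 dst=203.0.113.9 src=203.0.113.9 dst=198.51.100.4 mark=0 use=1
udp      17 100 src=192.168.10.22 dst=203.0.113.9 sport=500 dport=500 [UNREPLIED] src=203.0.113.9 dst=198.51.100.4 sport=1024 dport=500 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.21 dst=198.51.100.80 sport=51000 dport=443 src=198.51.100.80 dst=198.51.100.4 sport=443 dport=51000 [ASSURED] mark=0 use=1'

# Demo on the constructed sample. On a live gateway the input would be:
#   conntrack -L 2>/dev/null | ipsec_flows x.x.x.x
printf '%s\n' "$SAMPLE" | ipsec_flows 192.168.10.21
```

Comparing the listing before and after `conntrack -D -s x.x.x.x` shows whether stale IKE or ESP entries for that client were actually cleared.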