Scenario:
We have a small corporate office on a DSL connection. We have implemented a Juniper NetScreen firewall with a static VPN connection to the large corporate office. We have installed this firewall twice at the same location with the same result: the internet connection bogs down after a day and eventually reaches the point where it cannot be used at all.
When we take the Juniper out and run straight DSL, it's OK. Could this be a config problem? Here is the config text for the Juniper:
set clock timezone 0
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "XXXXXXXXXX"
set admin password "XXXXXXXXXXXXXXXXXXXXXXXXX
XXX"
set admin user "XXXXXXXX" password "XXXXXXXXXXXXXXXXXXXXXXXXX
X" privilege "all"
set admin port 8080
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
unset interface vlan1 ip
set interface trust ip INTERNAL NAT RANGE/24
set interface trust nat
set interface untrust ip JUNIPER WAN SIDE IP
set interface untrust route
set interface tunnel.1 ip unnumbered interface untrust
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface untrust ip manageable
set interface untrust manage ping
set interface untrust manage telnet
set interface untrust manage snmp
set interface untrust manage ssl
set interface untrust manage web
set interface trust dhcp server service
set interface trust dhcp server enable
set interface trust dhcp server option gateway JUNIPER LAN SIDE IP
set interface trust dhcp server option netmask 255.255.255.0
set interface trust dhcp server option dns2 205.171.3.65
set interface trust dhcp server ip LOCAL OFFICE DHCP
set interface "untrust" webauth
set flow tcp-mss
set hostname ns5gt
set dns host dns1 205.171.2.65
set dns host dns2 205.171.3.65
set dns host schedule 06:28
set address "Trust" "CORP OFFICE NAT VPN IP" LOCAL OFFICE NAT RANGE 255.255.255.0
set address "Untrust" "CORP OFFICE NAT VPN IP" LOCAL OFFICE NAT RANGE 255.255.255.0
set ike gateway "Gateway for CORP OFFICE NAT VPN IP" address COPR OFFICE EXT IP Main outgoing-interface "untrust" preshare "VPN SHARE KEY" sec-level standard
set ike respond-bad-spi 1
set vpn "VPN for CORP OFFICE NAT VPN IP" gateway "Gateway for VPN for CORP OFFICE NAT VPN IP" replay tunnel idletime 0 sec-level standard
set vpn "VPN for COPR OFFICE NAT VPN IP" id 15 bind interface tunnel.1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set policy id 3 from "Untrust" to "Trust" "CORP OFFICE NAT VPN IP" "Any" "ANY" permit log
set policy id 2 from "Trust" to "Untrust" "Any" "CORP OFFICE NAT VPN IP" "ANY" permit log
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set ssh version v2
set config lock timeout 5
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route CORP OFFICE NAT VPN ADDY/24 interface tunnel.1
set route 0.0.0.0/0 interface untrust gateway "JUNIPER WAN SIDE ADDY"
exit