I have an SRX300 running version 15.1X49-D75.5 per current JTAC guidance and have succesfully configured a Dynamic VPN gateway. I am using the standard (i.e. non-Juniper custom) NCP Windows and Android clients.
I can establish a connection from many, if not most, public environments with the notable exception of BT Openzone (in the UK) - client logs suggest that phase 1 on port 500 is being blocked at the outset by this particular provider. I understand that upgrading to D80 will allow me to configure TCP encapsulation. HTTPS (443) is forwarded at the gateway to an internal proxy server, I have only a single external IP address.
Can anyone suggest which functionality I should configure the SRX/ clients to facilitate connections under these conditions?