Ok, here's my issue. We have multiple VPN tunnels (around 70) running back from remote offices and they work great (Juniper SRXs on both ends). I need to add another that will not have the luxury of a static IP, so I need the one end to be dynamic. I've read thread after thread on this and just can't seem to get it working correctly. I've tried it set as "local-identity hostname" and also "local-identity user-at-hostname", and in both cases I got the tunnels to establish initially, but never again after that (rebooting, powering off, etc.).
Here's my code. Anybody have any suggestions?
STATIC SRX:
POLICY CODE:
mode aggressive;
proposals 2017-09-14-ike-prop;
pre-shared-key ascii-text "blah";
GATEWAY CODE:
ike-policy 2017-09-14-ike-pol;
dynamic user-at-hostname "blah@email.com";
dead-peer-detection {
    always-send;
    interval 10;
    threshold 5;
}
local-identity inet 12.34.56.78;
external-interface ge-0/0/0.0;
version v2-only;
============
DYNAMIC SRX:
GATEWAY CODE:
mode aggressive;
proposals 2017-09-14-ike-prop;
pre-shared-key ascii-text "blah";
POLICY CODE:
ike-policy 2017-09-14-ag-ike-pol;
address 12.34.56.78;
dead-peer-detection {
    always-send;
    interval 10;
    threshold 5;
}
local-identity user-at-hostname "blah@email.com";
external-interface fe-0/0/0.0;
version v2-only;