Hey there.
I have one SRX 210 (PPPOE, static IP) and a SRX 100 (WWAN dial in, GCNAT). Everything worked well, but it suddendly stopped working.
SRX 210 (central site, PPPOE, static IP):
security {
ike {
policy ike-policy1 {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text "$9$j5ikmzF/xxxxxxxxxx"; ## SECRET-DATA
}
gateway GW-J-Remote {
ike-policy ike-policy1;
dynamic hostname remote.dyndns.org;
dead-peer-detection {
interval 10;
threshold 5;
}
local-identity hostname central.dyndns.org;
external-interface pp0.0;
version v1-only;
}
}
ipsec {
policy vpn-policy1 {
perfect-forward-secrecy {
keys group2;
}
proposal-set standard;
}
vpn VPN-J-Remote {
bind-interface st0.0;
ike {
gateway GW-J-Remote;
ipsec-policy vpn-policy1;
}
establish-tunnels immediately;
}
}
}show log kmd-logs outputs nothing helpful.
SRX 100 (remote site, WWAN, CGNAT):
security {
ike {
policy ike-policy1 {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text "$9$9xA1AuBMxxxxxxxxxxx";
}
gateway Central-GW {
ike-policy ike-policy1;
address XXX.YYY.ZZZ.114;
local-identity hostname remote.dyndns.org;
external-interface dl0.0;
}
}
ipsec {
policy vpn-policy1 {
proposal-set standard;
}
vpn Central-VPN {
bind-interface st0.0;
ike {
gateway Central-GW;
ipsec-policy vpn-policy1;
}
establish-tunnels immediately;
}
}
}Do you have any hints to increase the logging for troubleshooting? Or can you find issues at the first glace? Would be appreciated for any help.