Good Afternoon Everyone!
I recently encountered a Dynamic VPN issue that has me scratching my head after upgrading a branch office to the SRX300. I followed these instructions to create an IPsec VPN: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-dynamic-vpns-with-pulse-secure-clients.html#id-example-configuring-dynamic-vpn. I've opted to forgo Pulse because I don't like the idea of an exposed HTTPS interface and will be using OS-native IPsec/XAuth PSK clients (macOS, Android).
In summary, the clients are able to establish a P1 IKE security association and exchange a few P2 handshakes before eventually timing out. Traceoptions are on for both IKE and IPsec; I see an IKE P1 success message in the logs but nothing else. The ike-debug log also reflects a similar situation.
Without a specific error, I'm not sure where to look next. Any ideas or pointers would be greatly appreciated!
----
admin@Firewall> show security ike security-associations
Index    State  Initiator cookie  Responder cookie  Mode        Remote Address
6972517  UP     952e672cfec43cf0  f7130c4655d526ab  Aggressive  xxx.xxx.xxx.xxx

admin@Firewall> show security ipsec security-associations
Total active tunnels: 0 Total Ipsec sas: 0

Sep 6 12:02:40 Firewall kmd[1993]: IKE negotiation successfully completed. IKE Version: 1, VPN: Dynamic-VPN Gateway: Dynamic-VPN-P1-Gateway,