Hello,
I can see Your troubles start after this line:
Sep 19 14:52:24 [10.42.131.81 <-> 10.42.147.32] kmd_pm_ike_match_remote_id: Remote ID check failed, Received ID(type = dn (9), len = 82, value = 3050312d 302b0603 55040313 244b3931 34333131 36313434 2e6e6f6b 69617369 656d656e 736e6574 776f726b 732e636f 6d311f30 1d060355 040a1316 4e6f6b69 61205369 656d6 Sep 19 14:52:24 [10.42.131.81 <-> 10.42.147.32] kmd_pm_ike_match_remote_id: remote ID check failed Sep 19 14:52:24 [10.42.131.81 <-> 10.42.147.32] IKE SA negotiation failed for remote-ip:10.42.147.32,do tunnel failover
You need to explicitly configure local-id and remote-id to be FQDN, since JUNOS responder tries to match IP addresses by default.
set services ipsec-vpn ike policy all-ca-level-l1 remote-id fqdn BLAH-BLAH set services ipsec-vpn ike policy all-ca-level-l1 local-id fqdn BLAH-BLAH-BLAH
etc etc
HTH
Thx
Alex
