Hello,
I have been following "Example: Configuring Dynamic VPN" (http://www.juniper.net/techpubs/en_US/junos12.1/to…)
to configure our dynamic VPN, but with a static IP address for each user. The connection works fine the first time (routing, policy, etc.), but when I connect again from another location my client is assigned the wrong IP address. What's wrong?
My config:
root@SRX# show access
## Access profile for xauth users and the client address pool.
## The braces are unbalanced as pasted (stray leading "}"), so the nesting
## below is ambiguous; the last command on this page shows client u.user1
## living under profile dyn-vpn-access-profile.
}
profile dyn-vpn-access-profile {
}
client u.user1 {
xauth {
## Fixed per-user address. It lies inside the pool network below
## (10.10.10.0/24). Nothing in this paste shows the profile referencing the
## pool, or .12 being kept out of dynamic allocation -- TODO confirm on the
## device, since the reported symptom is a different address from that /24.
ip-address 10.10.10.12/32;
}
firewall-user {
## NOTE(review): "$9$" strings are reversibly obfuscated, not hashed. This
## value was posted publicly, so the password should be treated as disclosed
## and changed; redact such strings before sharing configuration.
password "$9$n9se/t0MWx-b2IELNb2GUtu0BhS"; ## SECRET-DATA
}
}
address-assignment {
pool dyn-vpn-address-pool {
family inet {
network 10.10.10.0/24;
xauth-attributes {
## DNS server handed to the client. 4.2.2.2 is a public resolver, so client
## lookups (including any internal names) would go to a third party --
## NOTE(review): confirm this is intended.
primary-dns 4.2.2.2/32;
}
}
}
}
root@SRX# show interfaces
## Tunnel interface used by the per-user VPN (closing braces are missing
## from the paste).
st0 {
unit 10 {
multipoint;
family inet {
## Next-hop tunnel binding: ties next hop 10.10.10.12 on st0.10 to the VPN
## company-ipsec-vpn-usr1. The entry only matches while the client actually
## holds 10.10.10.12, so a client that is handed another pool address is
## presumably no longer covered by this per-user mapping -- verify.
next-hop-tunnel 10.10.10.12 ipsec-vpn company-ipsec-vpn-usr1;
root@SRX# show routing-options
## Static routes: default route and the VPN client range.
static {
## Default route leaves via pp0.1, the same interface the IKE gateway on
## this page uses as its external-interface.
route 0.0.0.0/0 {
qualified-next-hop pp0.1 {
metric 1;
}
}
## The whole client range is routed into st0.10, not only the per-user .12.
## NOTE(review): security policies are not shown here; if they identify the
## user by 10.10.10.12, a client receiving a different address from this /24
## falls outside the intended per-user rules -- check what policy it matches.
route 10.10.10.0/24 next-hop st0.10;
}
root@SRX# show security ike
## IKE (phase 1) proposal, policies and the per-user gateway.
proposal company-ike-prop {
authentication-method pre-shared-keys;
## NOTE(review): DH group 2 (1024-bit), SHA-1 and 3DES are legacy choices.
## Prefer group14 or higher, sha-256 and AES where the platform release and
## the VPN client support them.
dh-group group2;
authentication-algorithm sha1;
encryption-algorithm 3des-cbc;
}
## No gateway in this paste references this policy; company-ike-gw-usr1
## below uses company-ike-policy.
policy ike-dyn-vpn-policy {
mode aggressive;
proposal-set standard;
## NOTE(review): "$9$" is reversible obfuscation, not a hash. This key was
## posted publicly and should be treated as disclosed and replaced.
pre-shared-key ascii-text "$9$NjbY4HkPTF/bsJUHqTQRhcrWL"; ## SECRET-DATA
}
policy company-ike-policy {
## NOTE(review): aggressive mode with a pre-shared key sends the peer
## identity unprotected and allows the key to be guessed offline from a
## captured exchange. It is presumably used here because the peer is
## identified by hostname rather than a fixed IP; the key should be long and
## random, or certificate authentication used instead.
mode aggressive;
proposals company-ike-prop;
## Same disclosure concern as the other "$9$" values on this page: rotate.
pre-shared-key ascii-text "$9$39GK9t0yrv8xd9AKMLX-dqmPf36p0BSlKRE24"; ## SECRET-DATA
}
gateway company-ike-gw-usr1 {
ike-policy company-ike-policy;
## Remote peer has no fixed IP; it is matched on this IKE identity.
dynamic hostname company-u.user1;
external-interface pp0.1;
## Extended authentication is checked against the access profile that holds
## client u.user1 and its fixed xauth address.
xauth access-profile dyn-vpn-access-profile;
}
root@SRX# show security ipsec
## IPsec (phase 2) proposal, policies and the per-user VPN.
proposal company-ipsec-prop {
protocol esp;
## NOTE(review): HMAC-SHA1-96 with 3DES is a legacy ESP suite; prefer
## hmac-sha-256-128 and AES where the client supports them.
authentication-algorithm hmac-sha1-96;
encryption-algorithm 3des-cbc;
}
## Not referenced by the vpn shown below, which uses company-ipsec-policy.
policy ipsec-dyn-vpn-policy {
proposal-set standard;
}
policy company-ipsec-policy {
perfect-forward-secrecy {
## PFS is enabled, but with DH group 2 (1024-bit); a larger group is
## preferable where supported.
keys group2;
}
proposals company-ipsec-prop;
}
vpn company-ipsec-vpn-usr1 {
## Binds this VPN to st0.10, the interface carrying the next-hop-tunnel
## entry for 10.10.10.12.
bind-interface st0.10;
ike {
gateway company-ike-gw-usr1;
ipsec-policy company-ipsec-policy;
}
}
7t@SRXKira# show security dynamic-vpn
## Dynamic VPN client definition (the closing brace of "clients" is missing
## from the paste).
access-profile dyn-vpn-access-profile;
clients {
dvpn-u.user1 {
## Destinations the client sends through the tunnel.
remote-protected-resources {
192.168.2.0/24;
}
## Destinations excluded from the tunnel. With 0.0.0.0/0 here this is a
## split tunnel: as written, only 192.168.2.0/24 is protected and all other
## client traffic bypasses the SRX and its policies -- confirm this is
## intended.
remote-exceptions {
0.0.0.0/0;
}
## NOTE(review): the VPN defined under "show security ipsec" on this page is
## company-ipsec-vpn-usr1; the "kira-" name here (and the prompt of this
## command) looks like incomplete anonymisation rather than a second VPN.
## If the names really differ on the device, this client points at a VPN
## that is not shown.
ipsec-vpn kira-ipsec-vpn-usr1;
user {
u.user1;
}
}
root@SRX# show access profile dyn-vpn-access-profile client u.user1
## Per-client view of u.user1 under profile dyn-vpn-access-profile: the
## fixed xauth address is configured at this level.
xauth {
ip-address 10.10.10.12/32;
}
firewall-user {
## NOTE(review): same "$9$" string as in the full `show access` output; it is
## reversibly obfuscated, not hashed, so treat the password as disclosed and
## change it.
password "$9$n9se/t0MWx-b2IELNb2GUtu0BhS"; ## SECRET-DATA
}
The first time I connect I obtain address 10.10.10.12; on the next connection I get a different address, though still within the 10.10.10.0/24 subnet. Any idea?