Re: [S2S VPN] SRX DynamicIP Cisco IOS DynamicIP

Just for the record, I finally got this setup working.

The issue with no ike packets seen on the SRX was trivial...

user@SRX# show | compare 
[edit security zones security-zone Internet]
-     host-inbound-traffic {
-         system-services {
-             ike;
-         }
-     }
[edit security zones security-zone Internet interfaces ge-0/0/0.0 host-inbound-traffic system-services]
        dhcp { ... }
+       ike;

And for the information:

1. FQDNs used for identity are longer than 20 characters.

2. Cisco IOS initiates the tunnel by resolving the peer IP from FQDN.

3. SRX matches the ike gateway by FQDN ID, but you can use UFQDN (email address) if you want. There is no need to use a real fqdn as an ike identity.

4. I run multiple tunnels terminated on the SRX in this setup and all of them works fine.