Fixed - was an issue with the cert. The IP was being put in as DNS: in the ASN on the cert. It needed to be generated with the IP ad IP:. Seems obvious, but I didn't realize that the SRX was so specific in that if it points to a hostname as its peer, it looks for either the CN or DNS in the ASN. If it points to an IP, the IP must be in the ASN as type = IP.
↧
