SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Junos 12.1 Dynamic VPN - IKE Phase 1 Failure - Policy / Profile failure

    Posted 04-07-2015 08:12

    All,

     

    I have been bumping my head into the wall trying to get a working dynamic VPN (OS X Pulse client) with the two most recent 12.1 releases for the SRX240.  I have configured manually, through the wizard and using the KB article that includes a working config.  None of the attempts have worked.

     

    The KMD errors:

     

    Apr 7 20:00:44 fw1-fmtca kmd[1425]: KMD_VPN_PV_PHASE1: IKE Phase-1 Failure: No proposal chosen [spi=(null), src_ip=184.105.131.138, dst_ip=184.105.131.137]
    Apr 7 20:00:44 fw1-fmtca kmd[1425]: IKE Phase-1: (Responder) Policy lookup failed [local_ip=184.105.131.138 remote_ip=184.105.131.137]
    Apr 7 20:00:44 fw1-fmtca kmd[1425]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: Not-Available Gateway: Not-Available, Local: 184.105.131.138/500, Remote: 184.105.131.137/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0

     

    I've attached the "cleaned" config to this request.  I would greatly appreciate any help the more experienced Junos dynamic VPN souls may feel like providing.

     

    Thank You,

    Chris
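
The three kmd lines quoted in this post describe a single failed negotiation. As an added example (not part of the original post and not Juniper tooling), this Python script merges such lines into one event per timestamp and peer pair, so the failure reason, the responder detail and the gateway field can be read together. The regexes are assumptions derived only from the three lines shown here, and `correlate` and `gateway_not_available` are hypothetical names.

```python
import re
from collections import defaultdict

# Sample input: the three kmd lines quoted in the post above.
SAMPLE = """\
Apr 7 20:00:44 fw1-fmtca kmd[1425]: KMD_VPN_PV_PHASE1: IKE Phase-1 Failure: No proposal chosen [spi=(null), src_ip=184.105.131.138, dst_ip=184.105.131.137]
Apr 7 20:00:44 fw1-fmtca kmd[1425]: IKE Phase-1: (Responder) Policy lookup failed [local_ip=184.105.131.138 remote_ip=184.105.131.137]
Apr 7 20:00:44 fw1-fmtca kmd[1425]: IKE negotiation failed with error: No proposal chosen. IKE Version: 1, VPN: Not-Available Gateway: Not-Available, Local: 184.105.131.138/500, Remote: 184.105.131.137/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0
"""

# Syslog prefix: timestamp, hostname, kmd[pid], then the message body.
HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kmd\[\d+\]: (?P<msg>.*)$")

# One pattern per message shape seen in the post. In the sample, src_ip
# carries the same address as local_ip, so it is mapped to "local" here.
PATTERNS = [
    re.compile(r"IKE Phase-1 Failure: (?P<reason>.+?) "
               r"\[spi=[^,]*, src_ip=(?P<local>[\d.]+), dst_ip=(?P<remote>[\d.]+)\]"),
    re.compile(r"IKE Phase-1: \((?P<role>\w+)\) (?P<detail>.+?) "
               r"\[local_ip=(?P<local>[\d.]+) remote_ip=(?P<remote>[\d.]+)\]"),
    re.compile(r"IKE negotiation failed with error: (?P<reason>.+?)\. "
               r"IKE Version: (?P<ike_version>\d+), VPN: (?P<vpn>\S+) "
               r"Gateway: (?P<gateway>[^,]+), "
               r"Local: (?P<local>[\d.]+)/\d+, Remote: (?P<remote>[\d.]+)/\d+"),
]

def correlate(log_text):
    """Merge kmd lines sharing timestamp, local and remote address into one event."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        head = HEADER.match(line.strip())
        if not head:
            continue  # not a kmd line, or a format this script does not know
        for pattern in PATTERNS:
            match = pattern.search(head["msg"])
            if match:
                fields = match.groupdict()
                key = (head["ts"], fields.pop("local"), fields.pop("remote"))
                events[key].update(fields)
                break
    return dict(events)

def gateway_not_available(events):
    """Keys of events whose summary line reports 'Gateway: Not-Available'."""
    return [key for key, ev in events.items() if ev.get("gateway") == "Not-Available"]

if __name__ == "__main__":
    for key, event in correlate(SAMPLE).items():
        print(key, event)
```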


  • 2.  RE: Junos 12.1 Dynamic VPN - IKE Phase 1 Failure - Policy / Profile failure
    Best Answer

     
    Posted 04-07-2015 08:38
    Can you try the below changes?

    1. Add ESP to host-inbound-traffic protocols for ge-0/0/0
    2. Remove 0.0.0.0/0 from remote protected resource and add it to remote exceptions
    3. We don't need multiple security policies pointing to the same dynamic VPN. You can delete the VPN term from 2 policies and just keep one policy with VPN
    4. Add establish tunnels immediately under ipsec vpn config


  • 3.  RE: Junos 12.1 Dynamic VPN - IKE Phase 1 Failure - Policy / Profile failure

    Posted 04-14-2015 07:46

    Suraj,

     

    Thank you very much for your quick response.  I am happy to state that implementing changes 2 and 4 has resolved my Dynamic VPN setup issue.  (Though, I suspect that change 2 would have been sufficient.)  I appreciate your assistance!