Hi Raheel,
Thanks, good to know it is a bug that is going to be fixed. Your workaround also works, e.g.
vpn cert-vpn {
    bind-interface st0.0;
    ike {
        gateway cert-gw;
        proxy-identity {
            local 2.2.2.2/32;
            remote 1.1.1.1/32;
            service myapp;
        }
        ipsec-policy ipsec-pol;
    }
    establish-tunnels immediately;
}

[edit]
lab@srxB-2# show applications
application myapp {
    protocol tcp;
    destination-port 1300;
}
In this case, the VPN goes up:
Sep 18 16:51:01 KMD_PM_SA_ESTABLISHED: Local gateway: 1.4.1.2, Remote gateway: 1.3.1.2, Local ID: ipv4(tcp:0,[0..3]=2.2.2.2), Remote ID: ipv4(tcp:1300,[0..3]=1.1.1.1), Direction: inbound, SPI: b138d754, AUX-SPI: 0, Mode: tunnel, Type: dynamic
Sep 18 16:51:01 KMD_PM_SA_ESTABLISHED: Local gateway: 1.4.1.2, Remote gateway: 1.3.1.2, Local ID: ipv4(tcp:0,[0..3]=2.2.2.2), Remote ID: ipv4(tcp:1300,[0..3]=1.1.1.1), Direction: outbound, SPI: 5ff68599, AUX-SPI: 0, Mode: tunnel, Type: dynamic
Sep 18 16:51:01 Quick mode negotiation succeeded for p1_local=ipv4(udp:500,[0..3]=1.4.1.2) p1_remote=ipv4(udp:500,[0..3]=1.3.1.2) p2_local=ipv4(tcp:0,[0..3]=2.2.2.2) p2_remote=ipv4(tcp:0,[0..3]=1.1.1.1)
However, I still don't completely understand why it sometimes writes tcp:0 and in other places tcp:1300.
Anyway, thanks a lot.
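
Added example, not part of the original post: a small Python parser that pulls the protocol:port selectors out of the three log lines quoted above and reports which side is logged with more than one port. The function names are illustrative, and the script only tabulates what the log lines say.

```python
import re
from collections import defaultdict

# The three log lines quoted in the post above, unchanged.
LOG = """\
Sep 18 16:51:01 KMD_PM_SA_ESTABLISHED: Local gateway: 1.4.1.2, Remote gateway: 1.3.1.2, Local ID: ipv4(tcp:0,[0..3]=2.2.2.2), Remote ID: ipv4(tcp:1300,[0..3]=1.1.1.1), Direction: inbound, SPI: b138d754, AUX-SPI: 0, Mode: tunnel, Type: dynamic
Sep 18 16:51:01 KMD_PM_SA_ESTABLISHED: Local gateway: 1.4.1.2, Remote gateway: 1.3.1.2, Local ID: ipv4(tcp:0,[0..3]=2.2.2.2), Remote ID: ipv4(tcp:1300,[0..3]=1.1.1.1), Direction: outbound, SPI: 5ff68599, AUX-SPI: 0, Mode: tunnel, Type: dynamic
Sep 18 16:51:01 Quick mode negotiation succeeded for p1_local=ipv4(udp:500,[0..3]=1.4.1.2) p1_remote=ipv4(udp:500,[0..3]=1.3.1.2) p2_local=ipv4(tcp:0,[0..3]=2.2.2.2) p2_remote=ipv4(tcp:0,[0..3]=1.1.1.1)
"""

# Phase 2 identities only; the p1_* (IKE peer) fields are deliberately not matched.
ID_RE = re.compile(
    r"(?P<label>Local ID: |Remote ID: |p2_local=|p2_remote=)"
    r"ipv4\((?P<proto>\w+):(?P<port>\d+),\[0\.\.3\]=(?P<addr>[\d.]+)\)"
)


def parse_selectors(line):
    """Return {'local': (proto, port, addr), 'remote': (...)} for one log line."""
    found = {}
    for m in ID_RE.finditer(line):
        side = "local" if "local" in m["label"].lower() else "remote"
        found[side] = (m["proto"], int(m["port"]), m["addr"])
    return found


def ports_by_side(log):
    """Map each side to {port: [record types that logged it]} over all lines."""
    seen = {"local": defaultdict(list), "remote": defaultdict(list)}
    for line in log.splitlines():
        kind = "KMD_PM_SA_ESTABLISHED" if "KMD_PM_SA_ESTABLISHED" in line else "quick-mode"
        for side, (_proto, port, _addr) in parse_selectors(line).items():
            seen[side][port].append(kind)
    return seen


def inconsistent_sides(log):
    """Sides whose selector is logged with more than one distinct port."""
    return sorted(s for s, ports in ports_by_side(log).items() if len(ports) > 1)


if __name__ == "__main__":
    for side, ports in ports_by_side(LOG).items():
        for port, kinds in sorted(ports.items()):
            print(f"{side:6} port {port:<5} logged by {', '.join(kinds)}")
    print("inconsistent:", inconsistent_sides(LOG))
```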