Sure. Here is my config, done with J-Web wizard and a couple of manual entries. I also thought that the SRX240 should be reachable on 191.168.171.1.1 without any clients connected on the vlan0 (or now vlan1).
_______________
## Last changed: 2015-03-22 06:34:34 GMT+1
version 12.1X44-D45.2;
system {
host-name Olysrx240;
time-zone GMT+1;
root-authentication {
encrypted-password "$1";
}
name-server {
208.67.222.222;
208.67.220.220;
}
name-resolution {
no-resolve-on-input;
}
login {
user R {
uid 2000;
class operator;
authentication {
encrypted-password "$.";
}
}
user v {
uid 2001;
class super-user;
authentication {
encrypted-password "$1";
}
}
}
services {
ssh;
telnet;
web-management {
http {
interface vlan.1;
}
https {
system-generated-certificate;
interface [ ge-0/0/0.0 vlan.1 ];
}
session {
idle-timeout 60;
}
}
dhcp {
pool 192.168.171.0/24 {
address-range low 192.168.171.10 high 192.168.171.100;
router {
192.168.171.1;
}
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
server us.ntp.pool.org;
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.178.111/24;
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan1;
}
}
}
}
vlan {
unit 1 {
family inet {
address 192.168.171.1/24;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.178.1;
}
}
protocols {
stp;
}
security {
key-protection;
ike {
policy ike_policy_startup_rvpn {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text "$9$946dCORcyKMX-1RrvWXws";
}
gateway gw_startup_rvpn {
ike-policy ike_policy_startup_rvpn;
dynamic {
hostname SRX-GW;
connections-limit 50;
ike-user-type group-ike-id;
}
external-interface ge-0/0/0.0;
xauth access-profile remote_access_profile;
}
}
ipsec {
policy ipsec_pol_startup_rvpn {
perfect-forward-secrecy {
keys group2;
}
proposal-set standard;
}
vpn startup_rvpn {
ike {
gateway gw_startup_rvpn;
ipsec-policy ipsec_pol_startup_rvpn;
}
}
}
dynamic-vpn {
access-profile remote_access_profile;
clients {
startup_rvpn_group {
remote-protected-resources {
0.0.0.0/0;
}
ipsec-vpn startup_rvpn;
user {
v;
}
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
rule-set nsw_srcnat {
from zone Internal;
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
from-zone Internet to-zone Internal {
policy policy_startup_rvpn_Internal {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
tunnel {
ipsec-vpn startup_rvpn;
}
}
}
}
}
from-zone Internal to-zone Internet {
policy All_Internal_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone Internal {
interfaces {
vlan.1 {
host-inbound-traffic {
system-services {
ping;
dhcp;
http;
https;
ssh;
telnet;
}
}
}
}
}
security-zone Internet {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
https;
ike;
}
}
}
}
}
}
}
access {
profile remote_access_profile {
client v {
firewall-user {
password "$9J";
}
}
address-assignment {
pool startup_rvpn_add_pool;
}
}
address-assignment {
pool startup_rvpn_add_pool {
family inet {
network 192.168.191.0/24;
range startup-rvpn-range {
low 192.168.191.101;
high 192.168.191.254;
}
}
}
}
firewall-authentication {
web-authentication {
default-profile remote_access_profile;
}
}
}
vlans {
vlan1 {
vlan-id 3;
l3-interface vlan.1;
}
}