Sadly, once again it seems it does not work for me 😞. I followed the configuration you provided, but no luck.
Yep, pp0.0 is the external ISP interface.
Now, I set my office internal network address as 192.168.200.0/24 (protected resource), with SRX gateway 192.168.200.254, DHCP enabled, IPs distributed from 101 - 200. I assigned the dyn-vpn-address-pool as 192.168.200.201 - 192.168.200.240. So once dynamic VPN clients are connected, they are assigned an IP address which is the same as the internal subnet address. Then I added a source NAT rule, allowing untrust to untrust zone traffic. And lastly, I added proxy-arp (code as follows). Dynamic VPN works fine: able to connect, able to access the protected resource and access the Internet. It's just that the route path never goes through the SRX gateway....
Missing something....??
---------------------------------------------------
rule-set dyn-vpn-nat {
    from zone untrust;
    to zone untrust;
    rule vpn-nat {
        match {
            source-address 192.168.200.0/24;
            destination-address 0.0.0.0/0;
        }
        then {
            source-nat {
                interface;
            }
        }
    }
}
}
-------------------------------------------
proxy-arp {
    interface pp0.0 {
        address {
            192.168.200.201/32 to 192.168.200.240/32;
        }
    }
}
------------------------------------------