Dear friends,
I made configuration of Dynamic VPN, as shown in the below link :
http://www.juniper.net/documentation/en_US/junos12.1/topics/example/vpn-security-dynamic-example-configuring.html
Something interesting is happening. I see this problem with 2 different locations.
I can set up VPN while I'm in the same IP subnet
I cannot set up VPN when SRX100 is outside.
I made deep search relating with this, I see that I'm stucked at Phase1 authentication
============================================================
SRX100> show security ike security-associations
Index State Initiator cookie Responder cookie Mode Remote Address
14663 DOWN dcaf7cb8a56e1eed 0e6ff5dedfcffbd3 Aggressive 212.156.137.10
============================================================
SRX100> show log kmd-logs
Jun 17 10:59:25 SRX100 clear-log[3983]: logfile cleared
Jun 17 10:59:25 SRX100 kmd[1371]: IKE negotiation failed with error: SA unusable. IKE Version: 1, VPN: dyn-vpn Gateway: dyn-vpn-local-gw, Local: 192.168.1.50/500, Remote: 212.156.137.106/54379, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0
============================================================
I can make status UP (and also VPN establishes) when I'm in the same IP subnet.
I made required port forwardings on remote router : (in fact I forward all ports to Juniper's ethernet IP)
TCP & UDP
1701
500
4500
443
Please help me.
Thanks in advance,
Ugur