SRX 220 used as a Firewall for 1 to 1 NAT with DMVPN IPSEC running through it.
I'm running a DMVPN solution with IPSEC between Cisco routers and have an SRX at the headend to NAT the public IP address to a private one. All the spokes are using Cisco routers on public IP addresses. The DMVPN works fine when the IPSEC is not applied. But once I apply the IPSEC policy I get NAT-T issues and can't get past phase 1 of IKE. If I put the Cisco command "no crypto ipsec nat-transparency udp-encaps" on the router, I don't get the NAT-T issue in the debug and phase 1 completes, but it won't complete phase 2 and I'm stuck in IQ_IDLE.
Just wondering if anyone has had this problem before when using an SRX as a straight firewall? Am I missing something in the config? I have opened up UDP port 4500, which is the NAT-T port, along with 51, 50 and 500, but this still isn't working.