I believe this is what you are looking for:
Remote side:
security {
ike {
traceoptions {
file ike-trace;
flag all;
}
policy ike-policy {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text "$9$DojqfTQn/tOUjCu1IcSYgoJGi.PQ6Cu"; ## SECRET-DATA
}
gateway test-gw {
ike-policy ike-policy;
address xx.xx.xx.90;
local-identity user-at-hostname "testvpn@lab.com";
external-interface fe-0/0/7;
}
}
ipsec {
traceoptions {
flag all;
}
policy ipsec-policy {
perfect-forward-secrecy {
keys group2;
}
proposal-set standard;
}
vpn test-vpn {
bind-interface st0.0;
ike {
gateway test-gw;
ipsec-policy ipsec-policy;
}
establish-tunnels immediately;
}
}
in this config my public IP was handed out via DHCP
Core side:
ike {
traceoptions {
file ike-trace;
flag all;
}
policy ike-policy {
mode aggressive;
proposal-set standard;
pre-shared-key ascii-text "$9$82qLNbsYoJDkWLGi.mTQcylKMX-VYaGi"; ## SECRET-DATA
}
gateway test-gw {
ike-policy ike-policy;
dynamic user-at-hostname "testvpn@lab.com";
external-interface fe-0/0/7;
}
}
ipsec {
traceoptions {
flag all;
}
policy ipsec-policy {
perfect-forward-secrecy {
keys group2;
}
proposal-set standard;
}
vpn test-vpn {
bind-interface st0.0;
ike {
gateway test-gw;
ipsec-policy ipsec-policy;
}
establish-tunnels immediately;
}
}
These are the tunnel configs I used when I tested this -- the Remote side got a public IP via DHCP; the core side was statically defined
let me know if this is what you are looking for.
Cheers,
Will