I had a working IPSec tunnel where both ends are NATted and one end is a Dynamic IP. This was built with an SRX210 at the static IP end and an SRX100 with a dynamic IP at the other end. Now I have tried to upgrade the SRX210 (12.1X46-D30.2) to an SRX300 (15.1X49-D60.7) and the tunnel no longer comes up.
Before I attempt to gather and post config and IKE logs etc, does anyone know if this should work?
I realise "Dynamic VPN" has been reinstated on 15.1X49-D60.7 but maybe this is only for those using a client like Pulse Secure rather than an SRX-to-SRX dynamic VPN.
[Aside: My old IPSec tunnel only ever worked with IKE v1. Not sure why v2-only wouldn't work. I notice also there's now a "re-auth" function in Junos 15.1X49-D60.7 VPN config. Hopefully this feature isn't mandatory because it only works with IKE v2.]
#IPSec#route-based#dynamicVPN#ike#srx300