SRX Services Gateway
Highlighted
SRX Services Gateway

'dynamic' Missing dynamic hostname for IKE gateway

‎05-11-2015 10:06 AM

Hi all,

 

I have a working Dynamic VPN configuration. However, when I commit the configuration I receive the following warning and I'm trying to determine how to make it go away:

 

  'dynamic'
    Missing dynamic hostname for IKE gateway ike-gate-dynvpn for ipsec_vpn dyn-vpn
commit complete

This is the IKE gateway config in question, it appears that 'hostname' and 'user-at-hostname' are mutually exclusive, however what I am connecting with requires that I use a User-FQDN (user-at-hostname) so I have to configure that in the IKE policy. The warning above appears to me like it's not finding an option it's expecting 'hostname', but since the configuration works I feel it's extraneous.

 

gateway ike-gate-dynvpn { 
ike-policy ike-pol-dynvpn;
dynamic {
user-at-hostname "user@domain.com";
connections-limit 10;
ike-user-type shared-ike-id;
}
dead-peer-detection {
interval 60;
threshold 2;
}
nat-keepalive 5;
external-interface fe-0/0/0.0;
xauth access-profile dynvpn-user;
}

 

2 REPLIES 2
Highlighted
SRX Services Gateway
Solution
Accepted by topic author mgarrido
‎08-26-2015 01:27 AM

Re: 'dynamic' Missing dynamic hostname for IKE gateway

‎05-11-2015 10:46 AM
This is not supported for dynamic VPNs. Please refer http://www.juniper.net/documentation/en_US/junos12.1x45/topics/reference/configuration-statement/sec...
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Highlighted
SRX Services Gateway

Re: 'dynamic' Missing dynamic hostname for IKE gateway

[ Edited ]
‎05-11-2015 10:48 AM

I missed that, and that explains the message then.

 

Odd, I wonder why it isn't supported.

 

EDIT:

 

For anyone else trying to use Avaya VPN phones to the SRX, this configuration works, even if not supported, and is recommended by Avaya in this document: Application Notes for Site-to-Site VPN Tunnel using Juniper Networks SRX210 Services Gateway to support Avaya Aura® Communication Manager – Issue 1.0

 

I'm leaving it as-is for now since it is a working config, albeit finding out why it's not supported would be educational and of interest - if anyone knows it would be appreciated.