SRX

Hi all,

I have a working Dynamic VPN configuration. However, when I commit the configuration I receive the following warning and I'm trying to determine how to make it go away:

  'dynamic'
    Missing dynamic hostname for IKE gateway ike-gate-dynvpn for ipsec_vpn dyn-vpn
commit complete

This is the IKE gateway config in question, it appears that 'hostname' and 'user-at-hostname' are mutually exclusive, however what I am connecting with requires that I use a User-FQDN (user-at-hostname) so I have to configure that in the IKE policy. The warning above appears to me like it's not finding an option it's expecting 'hostname', but since the configuration works I feel it's extraneous.

gateway ike-gate-dynvpn { 
ike-policy ike-pol-dynvpn;
dynamic {
user-at-hostname "user@domain.com";
connections-limit 10;
ike-user-type shared-ike-id;
}
dead-peer-detection {
interval 60;
threshold 2;
}
nat-keepalive 5;
external-interface fe-0/0/0.0;
xauth access-profile dynvpn-user;
}

I missed that, and that explains the message then.

Odd, I wonder why it isn't supported.

EDIT:

For anyone else trying to use Avaya VPN phones to the SRX, this configuration works, even if not supported, and is recommended by Avaya in this document: Application Notes for Site-to-Site VPN Tunnel using Juniper Networks SRX210 Services Gateway to support Avaya Aura® Communication Manager – Issue 1.0

I'm leaving it as-is for now since it is a working config, albeit finding out why it's not supported would be educational and of interest - if anyone knows it would be appreciated.