Juniper SRX – Site-to-Site IPSEC for Multiple Peers with Dynamic IP

ipsec juniper site-to-site srx

Looking for a possible solution.

I have a Juniper SRX 1400 (12.1X47-D20.7) with a static WAN IP in a data center and multiple sites with dynamic WAN IP addresses. I need to build site-to-site VPNs with them. All I've found is multiple IKE gateways configured with an IKE policy using aggressive mode. Most of the examples show a single IPsec connection between a static-IP gateway and a dynamic-IP endpoint.

This article shows a configuration example for Cisco routers, and I'm wondering if I could do something similar on the SRX?

Best Answer

Here's a 'thumbnail' sketch of how to do it, provided you have SRXs on both ends:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28077&cat=SRX_SERIES&actp=LIST

The basic idea is that you use a 'hostname' in the IKE gateway setup on both sides. The SRX with the dynamic IP will establish IKE using the hostname.
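The hostname approach described in the answer above, written out for a hub with two dynamic-IP sites, as an added example that is not part of the original answer or the linked KB article. All gateway, policy and VPN names, hostnames, addresses, interfaces and keys are constructed placeholders, and it assumes the st0 units, security zones (with IKE allowed inbound on the WAN interface) and routes are configured separately.

```junos
# Added example; every name, address and key below is a constructed placeholder.
# --- Hub (static WAN IP 203.0.113.1 on ge-0/0/0.0): one IKE gateway per dynamic site ---
set security ike policy ike-pol-site1 mode aggressive
set security ike policy ike-pol-site1 proposal-set standard
set security ike policy ike-pol-site1 pre-shared-key ascii-text "REPLACE-WITH-SITE1-KEY"
set security ike gateway gw-site1 ike-policy ike-pol-site1
# The peer is matched by the IKE ID it presents, not by its source address
set security ike gateway gw-site1 dynamic hostname site1.example.net
set security ike gateway gw-site1 external-interface ge-0/0/0.0

set security ike policy ike-pol-site2 mode aggressive
set security ike policy ike-pol-site2 proposal-set standard
set security ike policy ike-pol-site2 pre-shared-key ascii-text "REPLACE-WITH-SITE2-KEY"
set security ike gateway gw-site2 ike-policy ike-pol-site2
set security ike gateway gw-site2 dynamic hostname site2.example.net
set security ike gateway gw-site2 external-interface ge-0/0/0.0

set security ipsec policy ipsec-pol proposal-set standard
set security ipsec vpn vpn-site1 bind-interface st0.1
set security ipsec vpn vpn-site1 ike gateway gw-site1
set security ipsec vpn vpn-site1 ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-site2 bind-interface st0.2
set security ipsec vpn vpn-site2 ike gateway gw-site2
set security ipsec vpn vpn-site2 ike ipsec-policy ipsec-pol

# --- Spoke "site1" (dynamic WAN IP on ge-0/0/0.0): always the initiator ---
set security ike policy ike-pol-hub mode aggressive
set security ike policy ike-pol-hub proposal-set standard
set security ike policy ike-pol-hub pre-shared-key ascii-text "REPLACE-WITH-SITE1-KEY"
set security ike gateway gw-hub ike-policy ike-pol-hub
set security ike gateway gw-hub address 203.0.113.1
# Must equal the "dynamic hostname" configured for this site on the hub
set security ike gateway gw-hub local-identity hostname site1.example.net
set security ike gateway gw-hub external-interface ge-0/0/0.0
set security ipsec policy ipsec-pol proposal-set standard
set security ipsec vpn vpn-hub bind-interface st0.0
set security ipsec vpn vpn-hub ike gateway gw-hub
set security ipsec vpn vpn-hub ike ipsec-policy ipsec-pol
# The hub cannot initiate towards an unknown address, so the spoke brings the tunnel up
set security ipsec vpn vpn-hub establish-tunnels immediately
```

Aggressive mode sends the IKE identity unencrypted and exposes a hash derived from the pre-shared key to anyone who can observe or solicit the exchange, so each site should get its own long random key (or certificates) rather than one key shared by all peers.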