Hello,
Can anyone help me? I have several Juniper SRX 300 devices that I want to connect using AutoVPN with a preshared key. One of them will act as the hub, and the others as spokes. But I can't seem to get it to work. Maybe I just don't know what to configure under "security ike gateway dynamic". All the configurations I try result in only one spoke being able to connect. The next one simply hijacks the connection. I understand this is because all the spokes have the same “local-identity hostname.” But when I configure them with different ones, the connection fails with the error: “Negotiation failed with error code AUTHENTICATION_FAILED received from peer”
My config, hub side:
# Hub IKE proposal: the algorithm set the hub negotiates for the IKE SA.
# Pre-shared-key authentication, DH group 14, SHA-256, AES-256-CBC,
# and an 86400-second (24-hour) lifetime.
# The spoke proposal of the same name further down lists identical values.
proposal ike_prop_autovpn {
authentication-method pre-shared-keys;
dh-group group14;
authentication-algorithm sha-256;
encryption-algorithm aes-256-cbc;
lifetime-seconds 86400;
}
# Hub IKE policy: binds proposal ike_prop_autovpn to the pre-shared key.
# The key value was stripped from the paste; only the "## SECRET-DATA" marker remains.
# NOTE(review): gateway gw_autovpn references this policy, so every spoke that
# lands on that gateway presents the same key. The key then proves group
# membership only, not which spoke is connecting, and a key recovered from any
# one spoke is valid for every IKE ID the hub accepts.
# NOTE(review): Junos documents a seeded-pre-shared-key policy option for AutoVPN
# that derives a per-peer key from the peer's IKE ID; whether this platform and
# release support it needs to be verified. Certificate authentication avoids the
# shared secret entirely.
policy ike_pol_autovpn {
proposals ike_prop_autovpn;
pre-shared-key ascii-text ## SECRET-DATA
}
# Hub IKE gateway for peers identified by IKE ID rather than by a fixed address.
gateway gw_autovpn {
ike-policy ike_pol_autovpn;
# IKE ID the hub expects the remote peer to present.
# NOTE(review): the spoke snippet sends spoke1.example.loc, not example.loc.
# If the hub compares the full hostname, that mismatch would explain the
# AUTHENTICATION_FAILED described in the post; confirm in the hub-side IKE logs.
# NOTE(review): no ike-user-type or connections-limit is set under "dynamic".
# Presumably one IKE ID then maps to a single peer, which would fit the second
# spoke displacing the first when all spokes share an ID; confirm against the
# Junos documentation for this release.
dynamic hostname example.loc;
# IKE ID the hub sends; the spoke's remote-identity must equal this value.
local-identity hostname hub.example.loc;
external-interface ge-0/0/0.0;
# IKEv2 only; no IKEv1 negotiation on this gateway.
version v2-only;
}
Spoke side:
# Spoke IKE proposal: same name and same values as the hub proposal shown
# earlier (pre-shared keys, DH group 14, SHA-256, AES-256-CBC, 86400 s),
# so the algorithm sets agree on both sides.
# NOTE(review): the spoke policy shown below references ike_vpn_proposal, not
# this proposal; check which proposal the spoke actually negotiates with.
proposal ike_prop_autovpn {
authentication-method pre-shared-keys;
dh-group group14;
authentication-algorithm sha-256;
encryption-algorithm aes-256-cbc;
lifetime-seconds 86400;
}
# Spoke IKE policy holding the pre-shared key (value stripped from the paste).
# NOTE(review): this policy is named ike_vpn_pol and points at proposal
# ike_vpn_proposal, but the only proposal shown for the spoke is
# ike_prop_autovpn, and the spoke gateway below references policy
# ike_pol_autovpn. Either the paste mixes two configurations or these
# references do not resolve; verify on the device which policy and proposal
# the gateway actually uses before debugging identities.
policy ike_vpn_pol {
# NOTE(review): "mode main" is an IKEv1 exchange mode; the gateway below is
# v2-only, so this statement likely has no effect; confirm.
mode main;
proposals ike_vpn_proposal;
# Must be the same secret as on the hub policy for PSK authentication to succeed.
pre-shared-key ascii-text ## SECRET-DATA
}
# Spoke IKE gateway pointing at the hub.
gateway gw_toJuniperHUB {
# NOTE(review): ike_pol_autovpn is not defined in the spoke snippet shown;
# the policy pasted above is ike_vpn_pol.
ike-policy ike_pol_autovpn;
# HUB_IP is a placeholder left by the poster for the hub's address.
address HUB_IP;
# IKE ID this spoke presents. The hub must be configured to accept it; the
# hub snippet expects "dynamic hostname example.loc", which is a different string.
local-identity hostname spoke1.example.loc;
# Expected IKE ID of the hub; equals the hub's local-identity in the hub snippet.
remote-identity hostname hub.example.loc;
external-interface ge-0/0/0.0;
# IKEv2 only, matching the hub gateway.
version v2-only;
}