Using vpnc with Juniper / Junos / SRX
-------------------------------------

Breif instructions for using vpnc with the dynamic vpn feature of the
SRX.  Make sure your SRX config is set up with "shared-ike-id".  Make
sure the SRX "dynamic hostname" matches the vpnc "IPSec ID".

Example VPNC Config
-------------------
  Vendor juniper
  IPSec gateway 192.168.10.1
  IPSec ID example.com
  IPSec secret TheGroupSecret
  Xauth username joe
  Xauth password joespw
  IKE Authmode psk
  IKE DH Group dh2
  Perfect Forward Secrecy dh2

Example SRX Config
------------------
  # IKE Phase 1
  set security ike policy DYN-VPN-IKE mode aggressive
  set security ike policy DYN-VPN-IKE proposal-set standard
  set security ike policy DYN-VPN-IKE pre-shared-key ascii-text "TheGroupSecret"
  set security ike gateway DYN-VPN-GW ike-policy DYN-VPN-IKE
  set security ike gateway DYN-VPN-GW dynamic hostname example.com
  set security ike gateway DYN-VPN-GW dynamic connections-limit 10
  set security ike gateway DYN-VPN-GW dynamic ike-user-type shared-ike-id
  set security ike gateway DYN-VPN-GW external-interface ge-0/0/15.0
  set security ike gateway DYN-VPN-GW xauth access-profile DYN-VPN-PROFILE
  # IKE Phase 2
  set security ipsec policy DYN-VPN-IPSEC-POLICY perfect-forward-secrecy keys group2
  set security ipsec policy DYN-VPN-IPSEC-POLICY proposal-set standard
  set security ipsec vpn DYN-VPN-IPSEC ike gateway DYN-VPN-GW
  set security ipsec vpn DYN-VPN-IPSEC ike ipsec-policy DYN-VPN-IPSEC-POLICY
  # VPN
  #   laptop[joe@example.com] <======> 192.168.10.1[example.com] <-----> 10.10.10.0/24[internal]
  set access profile DYN-VPN-PROFILE address-assignment pool DYN-VPN-POOL
  set access address-assignment pool DYN-VPN-POOL family inet network 10.10.10.0/24
  set access address-assignment pool DYN-VPN-POOL family inet range dvpn-range low 10.10.10.24
  set access address-assignment pool DYN-VPN-POOL family inet range dvpn-range high 10.10.10.96
  set access address-assignment pool DYN-VPN-POOL family inet xauth-attributes primary-dns 8.8.8.8/32
  set security dynamic-vpn access-profile DYN-VPN-PROFILE
  set security dynamic-vpn clients all remote-protected-resources 192.168.10.1/24
  set security dynamic-vpn clients all remote-exceptions 0.0.0.0/0
  set security dynamic-vpn clients all ipsec-vpn DYN-VPN-IPSEC
  set security policies from-zone UNTRUST to-zone TRUST policy DYN-VPN match source-address any
  set security policies from-zone UNTRUST to-zone TRUST policy DYN-VPN match destination-address any
  set security policies from-zone UNTRUST to-zone TRUST policy DYN-VPN match application any
  set security policies from-zone UNTRUST to-zone TRUST policy DYN-VPN then permit tunnel ipsec-vpn DYN-VPN-IPSEC
  set access firewall-authentication web-authentication default-profile DYN-VPN-PROFILE
  # Local firewall user (joe)
  set access profile DYN-VPN-PROFILE client joe firewall-user password "joespw"
  set security dynamic-vpn clients all user joe
