I have configured my SRX 320 for DYN-VPN. The client can connect to internal resources in the same zone and with L3 to other zones, so all works fine. For example, ICMP between 220.127.116.11 (DYN-VPN client) to (internal client) 18.104.22.168 works fine.
But traffic generated from the internal client through the DYN-VPN client doesn't work/flow. I have read and tried very much but I don't find my issue.
In the attachment I uploaded my config from my Test-SRX and the output from a flow debug.
Dynamic VPN only supports traffic sessions initiated from the dynamic VPN client. Traffic initiated from the inside to the VPN client will not work.
For this to work you will need to upgrade to 15.1X49-D80 and use the new remote access vpn client solution. Information about configuring this solution can be found here: http://forums.juniper.net/t5/Security/SSL-VPN-configuration-on-SRX-running-15-1X49-D80-4-or-higher/tac-p/306884
...but please note that the new solution requires the NCP which is a client you need to buy.
This is by design and traffic in case of Dynamic-VPN works only from client to SRX side.
Traffic from the Dyn_VPN towards the internal client will work without any issues; however, vice versa will not because of the dynamic VPN design.
Thx @ Jonas and Guru