I have two SRX firewalls. One is a 320, the other is 345.
I am trying to configure AutoVPN between them.
I have found that the IKE SA is up on the hub side.
The hub has a static Public IP, which is applied with NAT by an upstream device.
The hub is always the responder.
On the spoke the SA shows as DOWN. The SA is in this state for a while before clearing itself. It will retry periodically.
The spoke uses 4G for its connection to the internet, and has a dynamic IP.
The spoke is always the initiator.
I've never seen a case where the SA is UP on one side, but DOWN on the other.
Can anyone offer any suggestions on what might cause this, or how to troubleshoot it?