I have had a SRX210 up and running in production for a few years now. Works great, been able to get it to everything I could want dual ISP routing, vpns, vlans, etc. I picked up a SRZX220 because the fe ports on the 210 started giving me issues as my traffic grew. Both the 210 and 220 have 12.1X46-D40.2 installed. I took the config on the 210 and basically just replace fe with ge and renumber the ports. Plugged it in and worked like a like charm for the network on site.
The dynamic vpn on the other hand is giving me problems. Pulse attempts to connect, it asks user to accept the certificate, fails and starts trying to connect again. It will sit in that loop forever if you let it. I never even asks for a username or password. First thing I tried was deleting out the old connection from Pulse. Next I double checked the config, ike and https are setup for the inferface. The correct external interface is set. I walked though this [SRX] Pulse client not able to connect to SRX due to configuration issues to make sure I wasn't missing something easy. No luck there so I decide to delete the dynamic vpn and run the wizard though the web interface. I run the wizard setup a everything, but I still get the same results in Pulse.
The Pulse debuglog.log didn't seem every helpful when I took a look. I pulled up the KMD log from the SRX220 and it shows a "KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received" from a few days ago but nothing recent.
you have possibly hit this bug: https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1135780
I had the same on a SRX240 with 12.1X46-D40 and JTAC asked me to upgrade to D45 or above. This made dynamic VPN working again.
Please try this a revert with the result.
Jonas is correct. Dynamic VPN does not work on D40 due to the bug.
Upgrading would resolve the issue for you.
Please mark my solution as accepted if it helped, Kudos are appreciated as well.
Thanks for the responses i will try upgrading and see it helps! This whole thing was making me feel very stupid.
That fixed everything. Thanks so much.