Hi,
Once I had the same issue , take a look at :
http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Dynamic-VPN-Version/td-p/278324
If doesn't help try the following :
Basic Dynamic-VPN troubleshooting commands
1- Setup the traceoptions
# set security ike traceoptions file ike-debug
# set security ike traceoptions flag all
# set security ipsec traceoptions flag all
# commit
# run clear log ike-debug
2- Now try to connect and run this show command
# run show log ike-debug | match ike
————————————————————————–
Clearing the Token Info
1- run the shell, and execute this command :
admin@Abed> start shell
% rm -rf /var/db/dynamic-vpn-ipsec/tokens-info
% cli
2- Now, restart the web-management
admin@Abed> restart web-management
Web management gatekeeper process started, pid 8500
————————————————————————–
# set system processes general-authentication-service traceoptions flag all
#commit
> show log authd
————————————————————————–
restart ipsec-key-management
————————————————————————–
clear security dynamic-vpn ? << all/user >>
————————————————————————–
For VPN debugging, which enables logging to the KMD log by default without the need to commit:
>request security ike debug-enable local <ip-address> remote <ip-address> level <level>
and to turn off:
>request security ike debug-disable
Review logs written to /var/log/kmd:
> show log kmd
Checking the debug status:
> show security ike debug-status
For taking a tcpdump of an interface to analyze with Wireshark or similar (Hidden command):
>monitor traffic interface ge-0/0/1.0 write-file test.pcap
Can be viewed on the SRX also (Hidden command):
>monitor traffic read-file test.pcap
————————————————————————–
I recomment those three websites !
http://chimera.labs.oreilly.com/books/1234000001633/ch10.html
http://rtoodtoo.net/jncie-sec-traceoptions-ipsec-troubleshooting/
http://itzecurity.blogspot.co.il/2013/08/vpn-configuration-and-troubleshooting.html