Hello,
I have created a dynamic VPN on a vSRX instance hosted in AWS. I am able to connect to the VPN using the NCP client, but I don't get a default gateway.
Here's my IKE gateway (specifying the access profile):
gateway Corios-VPN-IKE-GW {
    ike-policy Corios-VPN-IKE-Pol;
    dynamic {
        user-at-hostname "itadmins@coriosgroup.com";
        connections-limit 2;
        ike-user-type shared-ike-id;
    }
    dead-peer-detection;
    local-identity inet XXX.XXX.XXX.XXX;
    external-interface ge-0/0/1.0;
    aaa {
        access-profile ad01-cg-radius;
    }
    version v1-only;
    tcp-encap-profile NCP;
}
Here's the access profile:
profile ad01-cg-radius {
    authentication-order radius;
    address-assignment {
        pool Corios-VPN;
    }
    radius {
        authentication-server 10.1.10.7;
        accounting-server 10.1.10.7;
    }
    radius-server {
        10.1.10.7 {
            port 1815;
            secret "REDACTED"; ## SECRET-DATA
            timeout 15;
            retry 2;
            source-address 10.132.0.85;
            routing-instance vpn_gateway;
        }
    }
    accounting {
        order radius;
        accounting-stop-on-failure;
        accounting-stop-on-access-deny;
    }
}
And here's my DHCP pool:
address-assignment {
    pool Corios-VPN {
        family inet {
            network 10.132.3.0/24;
            range address_range {
                low 10.132.3.10;
                high 10.132.3.100;
            }
            dhcp-attributes {
                name-server {
                    10.129.1.11;
                    10.129.2.11;
                }
                router {
                    10.132.3.1;
                }
            }
            xauth-attributes {
                primary-dns 10.129.1.11/32;
                secondary-dns 10.129.2.11/32;
            }
        }
    }
}
I can connect and receive an IP address, but I don't have a default route assigned:
Unknown adapter Local Area Connection:
   Connection-specific DNS Suffix . :
   Link-local IPv6 Address . . . . . : fe80::e45f:629:6728:11f9%11
   IPv4 Address. . . . . . . . . . . : 10.132.3.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
Thanks in advance for any help on this.