Hello,
I was able to bring up the dial-up IPsec VPN on vSRX2 from the NCP client with the following configuration:
set security ike policy dynvpn-ike-policy mode aggressive
set security ike policy dynvpn-ike-policy proposal-set compatible
set security ike policy dynvpn-ike-policy pre-shared-key ascii-text "$9$Hk5FCA0IhruOLx-dsY5Qz"
set security ike gateway dynvpn-gw ike-policy dynvpn-ike-policy
set security ike gateway dynvpn-gw dynamic hostname <FQDN>
set security ike gateway dynvpn-gw dynamic connections-limit 10
set security ike gateway dynvpn-gw dynamic ike-user-type shared-ike-id
set security ike gateway dynvpn-gw nat-keepalive 60
set security ike gateway dynvpn-gw external-interface <external-interface>
set security ike gateway dynvpn-gw xauth access-profile dynvpn-ncp
set security ipsec policy ipsec-dynvpn-policy perfect-forward-secrecy keys group2
set security ipsec policy ipsec-dynvpn-policy proposal-set compatible
set security ipsec vpn dynvpn-ncp df-bit copy
set security ipsec vpn dynvpn-ncp ike gateway dynvpn-gw
set security ipsec vpn dynvpn-ncp ike ipsec-policy ipsec-dynvpn-policy
set security ipsec vpn dynvpn-ncp establish-tunnels immediately
set access profile dynvpn-ncp authentication-order password
set access profile dynvpn-ncp client radela firewall-user password "$9$bKwoGkqfznCP51RcSeKoJZ"
set access profile dynvpn-ncp address-assignment pool dynvpn-pool
set access address-assignment pool dynvpn-pool family inet network 10.254.24.0/24
set access address-assignment pool dynvpn-pool family inet range test low 10.254.24.1
set access address-assignment pool dynvpn-pool family inet range test high 10.254.24.254
set access address-assignment pool dynvpn-pool family inet xauth-attributes primary-dns 172.16.0.111/32
set access address-assignment pool dynvpn-pool family inet xauth-attributes secondary-dns 172.17.0.111/32
set security zones security-zone untrust address-book address remote-vpn 10.254.24.0/24
set security policies from-zone untrust to-zone trust policy remote-vpn match source-address remote-vpn
set security policies from-zone untrust to-zone trust policy remote-vpn match destination-address any
set security policies from-zone untrust to-zone trust policy remote-vpn match application any
set security policies from-zone untrust to-zone trust policy remote-vpn then permit tunnel ipsec-vpn dynvpn-ncp
You can give it a try.
Regards,
Rushi
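
A consistency and hardening check for a configuration like the one in the post above, as an added example that is not part of the original post and not Juniper tooling: it verifies that every referenced policy, gateway, profile and pool is defined, that pool ranges sit inside the pool network, and flags three settings. The function name `audit`, the finding texts and the sample (a subset of the post's commands with the secret replaced by a placeholder) are assumptions made here.

```python
import ipaddress
import re

# Constructed sample: subset of the post's set commands, secret replaced by a placeholder.
SAMPLE = """\
set security ike policy dynvpn-ike-policy mode aggressive
set security ike policy dynvpn-ike-policy pre-shared-key ascii-text "$9$PLACEHOLDER"
set security ike gateway dynvpn-gw ike-policy dynvpn-ike-policy
set security ike gateway dynvpn-gw xauth access-profile dynvpn-ncp
set security ipsec policy ipsec-dynvpn-policy perfect-forward-secrecy keys group2
set security ipsec vpn dynvpn-ncp ike gateway dynvpn-gw
set security ipsec vpn dynvpn-ncp ike ipsec-policy ipsec-dynvpn-policy
set access profile dynvpn-ncp address-assignment pool dynvpn-pool
set access address-assignment pool dynvpn-pool family inet network 10.254.24.0/24
set access address-assignment pool dynvpn-pool family inet range test low 10.254.24.1
set access address-assignment pool dynvpn-pool family inet range test high 10.254.24.254
"""

# (regex capturing a referenced object name, command prefix that defines that object)
REFS = [
    (r"ike gateway \S+ ike-policy (\S+)", "set security ike policy {} "),
    (r"xauth access-profile (\S+)", "set access profile {} "),
    (r"ipsec vpn \S+ ike gateway (\S+)", "set security ike gateway {} "),
    (r"ipsec vpn \S+ ike ipsec-policy (\S+)", "set security ipsec policy {} "),
    (r"access profile \S+ address-assignment pool (\S+)", "set access address-assignment pool {} "),
]
# Settings worth a second look before the configuration goes into production.
WEAK = [
    (r"ike policy \S+ mode aggressive", "weak setting: IKEv1 aggressive mode sends a PSK-derived hash in the clear"),
    (r"perfect-forward-secrecy keys group2$", "weak setting: PFS group2 is 1024-bit MODP Diffie-Hellman"),
    (r'ascii-text "\$9\$', "weak setting: $9$ secrets are reversible obfuscation, not hashes"),
]

def audit(config):
    """Return a list of findings for a Junos set-style dial-up VPN configuration."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip().startswith("set ")]
    findings = []
    for pat, prefix in REFS:
        for ln in lines:
            m = re.search(pat, ln)
            if m and not any(d.startswith(prefix.format(m.group(1))) for d in lines):
                findings.append(f"dangling reference: {m.group(1)}")
    findings += [msg for pat, msg in WEAK if any(re.search(pat, ln) for ln in lines)]
    nets = {m.group(1): ipaddress.ip_network(m.group(2)) for ln in lines
            if (m := re.search(r"pool (\S+) family inet network (\S+)", ln))}
    for ln in lines:
        m = re.search(r"pool (\S+) family inet range \S+ (?:low|high) (\S+)", ln)
        if m and m.group(1) in nets and ipaddress.ip_address(m.group(2)) not in nets[m.group(1)]:
            findings.append(f"range address {m.group(2)} outside network of pool {m.group(1)}")
    return findings
```

Calling `audit(SAMPLE)` returns only the three weak-setting findings, since every reference in the posted configuration resolves and the range fits the /24.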