@m4ce
Created April 6, 2016 20:35
JunOS Dynamic VPN setup with LDAP authentication
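[edit security]
# IKE phase 1 for the Dynamic VPN clients. The group IKE ID used below relies on
# aggressive mode, and aggressive mode exposes the PSK-derived authentication hash
# to anyone who can capture the handshake, so the shared key can be brute-forced
# offline if it is weak. Use a long, random key and rotate it: every client in the
# group shares this single secret.
ike {
    policy ike-dyn-vpn-policy {
        mode aggressive;
        proposal-set standard;
        pre-shared-key ascii-text "<key>"; ## SECRET-DATA
    }
    gateway dyn-vpn-local-gw {
        ike-policy ike-dyn-vpn-policy;
        dynamic {
            hostname dynvpn;                # IKE identity the clients present (group-ike-id)
            connections-limit 10;           # cap on concurrent remote clients; size to the user base
            ike-user-type group-ike-id;
        }
        external-interface <interface>;     # the untrust-facing interface clients connect to
        # Per-user credentials are checked through this access profile (LDAP-backed,
        # see the [edit access] stanza); the PSK alone does not authenticate a user.
        xauth access-profile dyn-vpn-access-profile;
    }
}
ipsec {
    policy ipsec-dyn-vpn-policy {
        proposal-set standard;
    }
    vpn dyn-vpn {
        ike {
            gateway dyn-vpn-local-gw;
            ipsec-policy ipsec-dyn-vpn-policy;
        }
    }
}
dynamic-vpn {
    access-profile dyn-vpn-access-profile;
    clients {
        all {
            # Split tunnelling: only the protected prefix is sent through the tunnel,
            # everything matching the 0.0.0.0/0 exception leaves the client directly.
            # Narrow the protected list to what remote users actually need.
            remote-protected-resources {
                192.168.x.0/24; # example
            }
            remote-exceptions {
                0.0.0.0/0;
            }
            ipsec-vpn dyn-vpn;
            user {
                <user>;                     # accounts permitted to use this client profile
            }
        }
    }
}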
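[edit security zones security-zone internet-untrust interfaces <interface> host-inbound-traffic system-services]
# ike: required so remote clients can complete the IKE/IPsec handshake.
# https: required for the Dynamic VPN client portal/download on this interface.
# Both open services on the untrust side to the internet; limit sources with a
# firewall filter where practical and keep the device patched.
ike;
https;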
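[edit]
access {
    profile dyn-vpn-access-profile {
        authentication-order ldap;          # XAuth credentials are checked only against LDAP; no local fallback
        address-assignment {
            pool dyn-vpn-address-pool;
        }
        session-options {
            client-idle-timeout 900;        # seconds of inactivity before the client session is dropped
        }
        ldap-options {
            base-distinguished-name <base_dn>;
            search {
                search-filter uid=;         # presumably the XAuth username is appended (uid=<user>) — verify
            }
        }
        # NOTE(review): port 389 is plain LDAP. Unless the Junos release in use offers
        # STARTTLS/LDAPS for access-profile LDAP servers, every XAuth password the SRX
        # forwards travels in cleartext to the directory; keep this path on a trusted
        # segment and restrict which hosts may reach the LDAP server.
        ldap-server {
            <ldap_server> port 389;
        }
    }
    address-assignment {
        pool dyn-vpn-address-pool {
            family inet {
                network <vpn_network>/24;   # addresses handed out to VPN clients
                dhcp-attributes {
                    domain-name <vpn_domain_name>;
                }
                xauth-attributes {
                    primary-dns <dns_server>/32;
                }
            }
        }
    }
    # The same LDAP-backed profile is the default for firewall pass-through and web
    # authentication, so those paths accept the same directory accounts as the VPN.
    firewall-authentication {
        pass-through {
            default-profile dyn-vpn-access-profile;
        }
        web-authentication {
            default-profile dyn-vpn-access-profile;
        }
    }
}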