Dynamic VPN is a licensed feature. By default, a two-user evaluation license is provided (free of charge) on SRX devices and it does not expire. When more than two users have to connect concurrently, a license is required. These licenses are available as a 5, 10, 25, and 50 user license. For ordering information, refer to the following datasheet: http://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdf.
The limitations, when configuring the Dynamic VPN, are:
The external RADIUS server is required for XAUTH and to provide an IP address in 10.3 or earlier.
The shared IKE id is not supported in 10.3 or earlier.
The custom IKE/IPsec security proposals are required in 10.3 or earlier.
FQDN is the only IKE-id supported in 10.3 or earlier.