Check 'get event include <public IP of the VPN Client>' this should give some headsup or we need to debug it.
pull up a web page on your VPN client machine and check the public IP by browsing whatismyip.com
Please follow below steps and try collecting the logs to what's is getting dropped and where:
1: set the IKE and Flow debugs on the SSG with snoop:
set db size 4096
clear db
set sa-filter <your public IP> check KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB5580 for more details
2: Set the below flow and snoop filters filters:
get ff <-- to see the filters
unset ff <-- to clear the filters, make sure there is no filter before you configure a new one
set ffilter src-ip <Clinet public IP> dst-ip <VPN gateway IP>
set ffilter src-ip <VPN gateway IP> dst-ip <Clinet public IP>
snoop filter ip src-ip <Clinet public IP> dst-ip <VPN gateway IP>
snoop filter IP src-ip <VPN gateway IP> dst-ip <Clinet public IP>
snoop detail len 1500
snoop detail
3: run the debugs and the snoop:
debug flow basic
debug ike all
snoop --> Yes
4: Run the wireshark capture on the NCP client and the try connecting the VPN again, wait till it fails and then stop the debug on the SSG. Press "Esc" key on the keyboard to stop all the debugs and the snoop. Stop the wireshark captures on the machine.
KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208
KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411&actp=METADATA
5: get db stream on the firewall to print the debug file.
See if you find any relevant information here or share the logs after replacing the confidential information.
Thanks,
Vikas