Hello.
I have really strange and confusing IPsec behaviour in a very simple configuration.
Here is the layout:
Two identical SRX100H2 devices with JunOS 12.1X46-D40.2 and BIOS 2.8
SRX-01 has the ISP IP = 10.10.10.10
SRX-02 has the ISP IP = 20.20.20.20
Private network behind SRX-01 is 192.168.3.0/24
Private network behind SRX-02 is 192.168.77.0/24
Here is what I've got at the moment:
Route-based IPsec VPN with numbered interfaces configured.
Phase I and Phase II are OK.
Routes and address books and policies are configured and checked.
I can ping one SRX from another and vice versa.
Therefore, no traffic flows between the 77/24 and 3/24 subnets.
I've worked with KB10093 - everything is OK, so I went to step number 8: Collect logs and flow traceoptions.
Please take a look at the attached 77_to_3.txt.
And here are the security policies of SRX-02:
Den@jupiter> show security policies
Default policy: deny-all
From zone: TRUST, To zone: UNTRUST
  Policy: TRUST-to-INTERNET, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: permit
From zone: TRUST, To zone: VPN
  Policy: Trust-to-VPN, State: enabled, Index: 5, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: permit
From zone: VPN, To zone: TRUST,
  Policy: VPN-to-trust, State: enabled, Index: 6, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: permit
Please advise.
Thanks,
Den