Hey swami - in terms of basic IPsec - the st0 I/F is used when you are creating a route based VPN. If you are doing route based then binding the st0 I/F to the G/W and policy will make it work. You then of couse have to tie a route to the I/F (set routing-options static route xxxx next-hop st0.x)
To get the general IPsec working are you building route or policy based? The steps are the same for buildout of phase 1 and phase 2:
Build Phase 1 proposal (auth and encypt meth)
Build Phase 1 policy (bind proposal to auth data)
Build Phase 1 G/W (bind policy to remote addess)
Build Phase 2 proposal (auth, encypt meth)
Build Phase 2 policy (PFS, keys..., bind proposal)
Then you would either:
Build VPN tunnel (bind phase G/W (ike) and Phase 2 policy (ipsec) to tunnel) for policy based or bind to st0 for route based. And then you of course have to deal with the policy side of everything.
I am coming off a lot of time on ScreenOS and it seems that there are more steps in JUNOS even though the result is the same and the steps are the same - it just seems a lot longer 😞
If it helps I can send you some sample configs on Monday that I have built to help me get up to speed on JUNOS IPsec.
No GRE in them though 🙂
I am gone until Monday but can send them then if you like!