Hi Alex, tried that, didn't make any difference though 😞
root@JuniperSRX> show security ike sa
Index State Initiator cookie Responder cookie Mode Remote Address
8243888 UP e8e4ea4595db7795 e9ecba5c9177dbec Aggressive 49.227.80.228
root@JuniperSRX> show security ipsec sa
Total active tunnels: 1
ID Algorithm SPI Life:sec/kb Mon vsys Port Gateway
<133955613 ESP:aes-128/sha1 9e208f19 28648/unlim - root 500 49.227.80.228
>133955613 ESP:aes-128/sha1 f6c0592d 28648/unlim - root 500 49.227.80.228
root@JuniperSRX> show security ipsec sa index 133955613 detail
ID: 133955613 Virtual-system: root, VPN Name: ipsec-vpn-cfgr
Local Gateway: 111.69.192.19, Remote Gateway: 49.227.80.228
Local Identity: ipv4_subnet(any:0,[0..7]=192.168.1.0/24)
Remote Identity: ipv4_subnet(any:0,[0..7]=192.168.10.0/24)
Version: IKEv1
DF-bit: clear
Bind-interface: st0.0
Direction: inbound, SPI: 9e208f19, AUX-SPI: 0
, VPN Monitoring: -
Hard lifetime: Expires in 28625 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 28051 seconds
Mode: Tunnel(0 0), Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
Anti-replay service: counter-based enabled, Replay window size: 64
Direction: outbound, SPI: f6c0592d, AUX-SPI: 0
, VPN Monitoring: -
Hard lifetime: Expires in 28625 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 28051 seconds
Mode: Tunnel(0 0), Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
Anti-replay service: counter-based enabled, Replay window size: 64
root@JuniperSRX> ...ix 192.168.1.0/24 destination-prefix 192.168.10.0/24
Session ID: 2113, Policy name: trust-vpn-cfgr/5, Timeout: 24, Valid
In: 192.168.1.100/7 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/7;icmp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 2342, Policy name: trust-vpn-cfgr/5, Timeout: 8, Valid
In: 192.168.1.100/50969 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50969;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 2611, Policy name: trust-vpn-cfgr/5, Timeout: 12, Valid
In: 192.168.1.100/50974 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50974;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 3135, Policy name: trust-vpn-cfgr/5, Timeout: 20, Valid
In: 192.168.1.100/50976 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 1, Bytes: 52
Out: 192.168.10.1/80 --> 192.168.1.100/50976;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 3686, Policy name: trust-vpn-cfgr/5, Timeout: 28, Valid
In: 192.168.1.100/8 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/8;icmp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 4200, Policy name: trust-vpn-cfgr/5, Timeout: 34, Valid
In: 192.168.1.100/9 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/9;icmp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 4486, Policy name: trust-vpn-cfgr/5, Timeout: 10, Valid
In: 192.168.1.100/50973 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50973;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 4749, Policy name: trust-vpn-cfgr/5, Timeout: 2, Valid
In: 192.168.1.100/50968 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50968;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 5926, Policy name: trust-vpn-cfgr/5, Timeout: 20, Valid
In: 192.168.1.100/50975 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 1, Bytes: 52
Out: 192.168.10.1/80 --> 192.168.1.100/50975;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 8014, Policy name: trust-vpn-cfgr/5, Timeout: 10, Valid
In: 192.168.1.100/50971 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50971;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 8026, Policy name: trust-vpn-cfgr/5, Timeout: 58, Valid
In: 192.168.1.100/12 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/12;icmp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 13997, Policy name: trust-vpn-cfgr/5, Timeout: 10, Valid
In: 192.168.1.100/50972 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50972;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 21807, Policy name: trust-vpn-cfgr/5, Timeout: 38, Valid
In: 192.168.1.100/10 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/10;icmp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 28643, Policy name: trust-vpn-cfgr/5, Timeout: 52, Valid
In: 192.168.1.100/11 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/11;icmp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 32454, Policy name: trust-vpn-cfgr/5, Timeout: 8, Valid
In: 192.168.1.100/50970 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50970;tcp, If: st0.0, Pkts: 0, Bytes: 0
Total sessions: 15
root@JuniperSRX> show security flow session tunnel
Session ID: 3093, Policy name: N/A, Timeout: N/A, Valid
In: 49.227.80.228/40480 --> 111.69.192.19/36633;esp, If: at-1/0/0.0, Pkts: 0, Bytes: 0
Session ID: 5024, Policy name: N/A, Timeout: N/A, Valid
In: 49.227.80.228/0 --> 111.69.192.19/0;esp, If: at-1/0/0.0, Pkts: 0, Bytes: 0
Total sessions: 2
root@JuniperSRX> show route
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:25:25
> via at-1/0/0.0
[Aggregate/130] 1d 08:03:37
> via at-1/0/0.0
111.69.17.16/32 *[Direct/0] 00:25:25
> via at-1/0/0.0
111.69.192.19/32 *[Local/0] 00:25:25
Local via at-1/0/0.0
192.168.1.0/24 *[Direct/0] 00:25:54
> via vlan.0
192.168.1.1/32 *[Local/0] 1d 08:03:11
Local via vlan.0
192.168.10.0/24 *[Static/5] 00:06:26
> via st0.0
I added st0.0 to zone untrust. Rebooted the router but still the same thing; ping from one direction will work and enable bidirectional ping, but ping from the Juniper LAN will fail until this happens.
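
A quick way to triage `show security flow session` output like the listing above, as an added example that is not part of the original post: it parses sessions in that format and lists those whose forward wing carried packets while the reverse wing shows none. The sample text is constructed in the same format (session 9001 is invented), and the function names are this example's own.

```python
import re

# Constructed sample in the format of the `show security flow session` output above.
SAMPLE = """\
Session ID: 2113, Policy name: trust-vpn-cfgr/5, Timeout: 24, Valid
In: 192.168.1.100/7 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/7;icmp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 2342, Policy name: trust-vpn-cfgr/5, Timeout: 8, Valid
In: 192.168.1.100/50969 --> 192.168.10.1/80;tcp, If: vlan.0, Pkts: 3, Bytes: 152
Out: 192.168.10.1/80 --> 192.168.1.100/50969;tcp, If: st0.0, Pkts: 0, Bytes: 0
Session ID: 9001, Policy name: trust-vpn-cfgr/5, Timeout: 30, Valid
In: 192.168.1.100/13 --> 192.168.10.1/1;icmp, If: vlan.0, Pkts: 1, Bytes: 60
Out: 192.168.10.1/1 --> 192.168.1.100/13;icmp, If: st0.0, Pkts: 1, Bytes: 60
"""

SESSION_RE = re.compile(r"^Session ID:\s*(\d+), Policy name:\s*([^,]+),")
WING_RE = re.compile(
    r"^(In|Out):\s*(\S+?)/(\d+) --> (\S+?)/(\d+);(\w+), "
    r"If:\s*(\S+), Pkts:\s*(\d+), Bytes:\s*(\d+)"
)

def parse_sessions(text):
    """Return one dict per session, with an 'in' and an 'out' wing when present."""
    sessions, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SESSION_RE.match(line)
        if m:
            cur = {"id": int(m.group(1)), "policy": m.group(2).strip()}
            sessions.append(cur)
            continue
        m = WING_RE.match(line)
        if m and cur is not None:  # ignore wing lines that precede any session header
            cur[m.group(1).lower()] = {
                "src": m.group(2), "dst": m.group(4), "proto": m.group(6),
                "ifname": m.group(7), "pkts": int(m.group(8)),
            }
    return sessions

def one_way_sessions(sessions):
    """Sessions whose forward wing saw packets but whose reverse wing saw none."""
    return [s for s in sessions
            if "in" in s and "out" in s
            and s["in"]["pkts"] > 0 and s["out"]["pkts"] == 0]

if __name__ == "__main__":
    for s in one_way_sessions(parse_sessions(SAMPLE)):
        print(s["id"], s["in"]["proto"], s["in"]["src"], "->", s["in"]["dst"],
              "no return packets on", s["out"]["ifname"])
```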