Hi all,
I have configured an IPsec tunnel between an SRX3600 and an SRX100, but show interfaces terse shows:
root# run show interfaces terse | match st0.100
st0.100 up down inet 172.31.50.2/30
This is the configuration on the SRX100 (the same configuration is on the SRX3600 with the appropriate IPs):
set security ike proposal AES_SHA authentication-method pre-shared-keys
set security ike proposal AES_SHA dh-group group2
set security ike proposal AES_SHA authentication-algorithm sha1
set security ike proposal AES_SHA encryption-algorithm aes-256-cbc
set security ipsec proposal ESP_AES256_HMAC_SHA protocol esp
set security ipsec proposal ESP_AES256_HMAC_SHA authentication-algorithm hmac-sha1-96
set security ipsec proposal ESP_AES256_HMAC_SHA encryption-algorithm aes-256-cbc
set security ike policy AES_SHA_TO_TEST_SRX_GNC mode main
set security ike policy AES_SHA_TO_TEST_SRX_GNC proposals AES_SHA
set security ike policy AES_SHA_TO_TEST_SRX_GNC pre-shared-key ascii-text XXX
set security ike gateway AES_SHA_TO_TEST_SRX_GNC ike-policy AES_SHA_TO_TEST_SRX_GNC
set security ike gateway AES_SHA_TO_TEST_SRX_GNC address 172.16.200.100
set security ike gateway AES_SHA_TO_TEST_SRX_GNC external-interface fe-0/0/1.0
set security ipsec vpn VPN_TO_TEST_SRX_GNC bind-interface st0.100
set security ipsec vpn VPN_TO_TEST_SRX_GNC ike gateway AES_SHA_TO_TEST_SRX_GNC
set security ipsec vpn VPN_TO_TEST_SRX_GNC ike ipsec-policy ESP_AES256_HMAC_SHA
set security ipsec vpn VPN_TO_TEST_SRX_GNC establish-tunnels immediately
set security ipsec proposal ESP_AES256_HMAC_SHA
set security ipsec policy ESP_AES256_HMAC_SHA
set protocols ospf area 0.0.0.0 interface st0.100 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.100 metric 1
set interfaces st0 unit 100 description TO-->TEST_SRX_GNC
set interfaces st0 unit 100 point-to-point
set interfaces st0 unit 100 family inet mtu 1400
set interfaces st0 unit 100 family inet address 172.31.50.2/30
set security zones security-zone trust interfaces fe-0/0/1.0
set security zones security-zone trust interfaces st0.100
set security zones security-zone trust interfaces st0.100 host-inbound-traffic system-services all
set security zones security-zone trust interfaces st0.100 host-inbound-traffic protocols all
So what is misconfigured or wrong in this config?
Thanks