Hi,
Yes, I think I can see that:
show security ipsec security-associations detail
node0:
--------------------------------------------------------------------------
Virtual-system: root
Local Gateway: 213.XX, Remote Gateway: 88.XXXX
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
DF-bit: clear
Direction: inbound, SPI: 323ef1ed, AUX-SPI: 0
, VPN Monitoring: -
Hard lifetime: Expires in 3026 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 2397 seconds
Mode: tunnel, Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service: counter-based enabled, Replay window size: 64
Direction: outbound, SPI: d0a4534c, AUX-SPI: 0
, VPN Monitoring: -
Hard lifetime: Expires in 3026 seconds
Lifesize Remaining: Unlimited
Soft lifetime: Expires in 2397 seconds
Mode: tunnel, Type: dynamic, State: installed
Protocol: ESP, Authentication: hmac-sha1-96, Encryption: 3des-cbc
Anti-replay service: counter-based enabled, Replay window size: 64
And no, at the moment I have no route configured to the LAN behind the Palo Alto, because for now I just want to ping the IP address of the remote tunnel interface on the Palo Alto, which is in the same subnet, so I don't have to set up a separate route for it.
I have another SRX box connected to the 650, and I can ping the tunnel interface from the 650 to the SRX100.