I have added two policies.
Another problem: I have no device behind the SRX and must use its own interface. Maybe security policies must usually be applied to transit traffic (following your logic) (???), not to the interface itself.
Though, it seems, I did so many times without any problems.
Also, it depresses me that I cannot ping the directly connected tunnel interfaces from each other (Tunnel0 and st0.1), though both are in the up state.
Router#show int tunnel0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 172.16.0.1/30
MTU 17886 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 1.1.1.1, destination 1.1.1.2
Tunnel protocol/transport IPSEC/IP
Tunnel TTL 255
Tunnel transport MTU 1446 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile "VPN_P2")
Last input 04:28:24, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
114 packets output, 9234 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
root# run show interfaces st0.1 terse
Interface Admin Link Proto Local Remote
st0.1 up up inet 172.16.0.2/30
from-zone Trust to-zone Trust {
    policy 105 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
from-zone Trust to-zone junos-host {
    policy 106 {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
No result! (no ping from 10.10.10.1 to 20.20.20.1)
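To check whether the two policies quoted in this post could be what drops the ping, here is an added example (not code from the post, the Cisco or Juniper side) that parses Junos-style curly-brace security-policy text and evaluates a candidate flow the way the SRX does: policies in a zone pair are tried in configured order, the first match wins, and a flow with no matching policy hits the default deny-all. It assumes address terms are either `any` or literal prefixes (address-book names are not resolved), that applications match by name only, and that the 10.10.10.1 and 20.20.20.1 addresses and st0.1 all sit in zone Trust (the post does not show the zone bindings). The `Untrust` zone pair in the sample is constructed to show prefix matching; it is not from the post.

```python
"""Evaluate a flow against Junos SRX-style security policies (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the two policies from the post plus one made-up
# Untrust -> junos-host policy with a literal source prefix.
SAMPLE_POLICY_TEXT = """
from-zone Trust to-zone Trust {
    policy 105 { match { source-address any; destination-address any; application any; }
                 then { permit; } }
}
from-zone Trust to-zone junos-host {
    policy 106 { match { source-address any; destination-address any; application any; }
                 then { permit; } }
}
from-zone Untrust to-zone junos-host {
    policy ike-in { match { source-address 1.1.1.1/32; destination-address any;
                            application junos-ike; }
                    then { permit; } }
}
"""


@dataclass
class Policy:
    name: str
    sources: list
    destinations: list
    applications: list
    action: str  # permit / deny / reject


def parse_junos_block(text):
    """Turn curly-brace config into nested (header, children) tuples; leaves have children=None."""
    tokens = re.findall(r"\{|\}|;|[^\s{};]+", text)
    root, stack, words = [], [], []
    stack.append(root)
    for tok in tokens:
        if tok == "{":
            node = (" ".join(words), [])
            stack[-1].append(node)
            stack.append(node[1])
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            stack[-1].append((" ".join(words), None))
            words = []
        else:
            words.append(tok)
    return root


def load_policies(text):
    """Return {(from_zone, to_zone): [Policy, ...]} preserving configured order."""
    table = {}
    for header, children in parse_junos_block(text):
        m = re.fullmatch(r"from-zone (\S+) to-zone (\S+)", header)
        if not m or children is None:
            continue
        pair = (m.group(1), m.group(2))
        for phead, pchildren in children:
            if not phead.startswith("policy ") or pchildren is None:
                continue
            match = {"source-address": [], "destination-address": [], "application": []}
            action = "deny"
            for shead, schildren in pchildren:
                if shead == "match" and schildren:
                    for leaf, _ in schildren:
                        key, _, value = leaf.partition(" ")
                        if key in match:
                            match[key].append(value)
                elif shead == "then" and schildren:
                    action = schildren[0][0].split()[0]  # first 'then' keyword
            table.setdefault(pair, []).append(Policy(
                phead.split()[1], match["source-address"],
                match["destination-address"], match["application"], action))
    return table


def address_matches(terms, ip):
    """'any' matches everything; otherwise the IP must fall in a literal prefix."""
    addr = ipaddress.ip_address(ip)
    for term in terms:
        if term == "any":
            return True
        try:
            if addr in ipaddress.ip_network(term, strict=False):
                return True
        except ValueError:
            continue  # assumption: unresolved address-book name, treated as no match
    return False


def evaluate(table, from_zone, to_zone, src, dst, app="any"):
    """First matching policy in the zone pair wins; no match means SRX default deny-all."""
    for p in table.get((from_zone, to_zone), []):
        if (address_matches(p.sources, src) and address_matches(p.destinations, dst)
                and ("any" in p.applications or app in p.applications)):
            return p.action, p.name
    return "deny", "default-policy"


TABLE = load_policies(SAMPLE_POLICY_TEXT)

if __name__ == "__main__":
    print(evaluate(TABLE, "Trust", "Trust", "10.10.10.1", "20.20.20.1"))
    print(evaluate(TABLE, "Trust", "junos-host", "10.10.10.1", "172.16.0.2"))
    print(evaluate(TABLE, "Untrust", "junos-host", "9.9.9.9", "1.1.1.2", "junos-ike"))
```

Both flows from the post come back `permit` under policies 105 and 106, so with these zone assumptions the policy table is not what is dropping the ping and the next places to look are the route for 20.20.20.1 through st0.1, the IPsec SA, and the zone binding of the loopback and st0.1 interfaces. A flow with no policy at all (the constructed Untrust example from a source outside 1.1.1.1/32) lands on the default deny, which is what a `show security flow session` trace would report as a policy drop.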