One quick question: what about also if we have this situation :
a.a.a.a----------------SRX650-----------------INTERNET-----------------ASA5520---------------b.b.b.b
Trust untrust untrust trust
1- What if some of the source network in the policy-based in Site A are not listed in Crypto ACL at Site B
2- If this will not work , what would you recommend?