Hi Burner,
Configuring an IPsec VPN between an SRX and a Cisco device is tricky when more than one subnet is involved in the VPN.
For example:
2 subnets behind the SRX and 3 subnets behind the Cisco.
Now there should be 6 IPsec SAs built for each subnet.
The issue comes from how the proxy-IDs are derived on the SRX and the Cisco device.
On Cisco, it is derived from the security policy.
On SRX, it is derived from the security policy, but you should not group more than 1 source and 1 destination.
If you group more than one subnet, then the proxy-IDs are derived as 0.0.0.0, which the Cisco device may not accept.
So if it is a policy-based VPN, then you need 6 security policies with 1 source and 1 destination on each policy for the (2 SRX subnets and 3 Cisco subnets) scenario.
For a route-based VPN, you need 6 Phase 2 configurations with 6 st0 interfaces.
If you upgrade to version 12.1X46, then you have the traffic selector configuration to map each local subnet to a remote subnet under one IPsec VPN configuration with one st0 interface.
I would like to know how many subnets are involved on the SRX and Cisco and the type of VPN configured on the SRX and Cisco.
Regards
rparthi
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
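The 2 x 3 scenario from the reply above, as an added example that is not part of the original post: a Python sketch that expands both subnet lists into the six per-pair selectors and emits the SRX traffic-selector lines together with the mirrored Cisco crypto ACL, so both peers propose identical proxy-IDs. The subnets, the VPN name `VPN-TO-CISCO` and the ACL name `SRX-VPN` are constructed, and the Cisco side is assumed to be an IOS-style extended ACL with wildcard masks.

```python
import ipaddress
from itertools import product

# Constructed sample subnets: 2 behind the SRX, 3 behind the Cisco device.
SRX_SUBNETS = ["10.1.1.0/24", "10.1.2.0/24"]
CISCO_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]

def selector_pairs(srx_subnets, cisco_subnets):
    """Return one (srx_net, cisco_net) pair per IPsec SA: 2 x 3 subnets -> 6."""
    srx = [ipaddress.ip_network(s) for s in srx_subnets]
    cisco = [ipaddress.ip_network(s) for s in cisco_subnets]
    for net in srx + cisco:
        # A /0 selector is the 0.0.0.0 proxy-ID the peer may refuse.
        if net.prefixlen == 0:
            raise ValueError(f"{net} is a catch-all selector, list real subnets")
    return list(product(srx, cisco))

def junos_traffic_selectors(pairs, vpn_name):
    """SRX side: one traffic-selector per pair under a single VPN / st0."""
    return [
        f"set security ipsec vpn {vpn_name} traffic-selector ts{i} "
        f"local-ip {srx_net} remote-ip {cisco_net}"
        for i, (srx_net, cisco_net) in enumerate(pairs, 1)
    ]

def cisco_crypto_acl(pairs, acl_name):
    """Cisco side (assumed IOS syntax): same pairs with source/destination swapped."""
    lines = [f"ip access-list extended {acl_name}"]
    for srx_net, cisco_net in pairs:
        lines.append(
            f" permit ip {cisco_net.network_address} {cisco_net.hostmask} "
            f"{srx_net.network_address} {srx_net.hostmask}"
        )
    return lines

if __name__ == "__main__":
    pairs = selector_pairs(SRX_SUBNETS, CISCO_SUBNETS)
    print("\n".join(junos_traffic_selectors(pairs, "VPN-TO-CISCO")))
    print("\n".join(cisco_crypto_acl(pairs, "SRX-VPN")))
```

Generating both sides from the same pair list keeps the local/remote selectors exact mirrors of each other, which is what Phase 2 negotiation compares.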