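Thanks for looking into this. Outputs and configs from both ends follow: on the SRX the IKE and IPsec SAs to 172.16.40.9 are up, but the OSPF neighbor over st0.0 keeps dropping from Full to Init (1WayRcvd) and then re-forming.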
root@SRX_394# run show security ike security-associations
Index State Initiator cookie Responder cookie Mode Remote Address
6728753 UP 22637fd40e7557d0 8b2a3bde1982c02a Main 172.16.40.9
[edit]
root@SRX_394# run show security ipsec security-associations
Total active tunnels: 1
ID Algorithm SPI Life:sec/kb Mon vsys Port Gateway
<131073 ESP:aes-256/sha1 4900186 3513/ unlim - root 500 172.16.40.9
>131073 ESP:aes-256/sha1 7f4e639a 3513/ unlim - root 500 172.16.40.9
[edit]
root@SRX_394# run show ospf neighbor
Address Interface State ID Pri Dead
172.16.40.9 st0.0 Full 172.16.49.8 1 33
[edit]
root@SRX_394# run show ospf neighbor detail
Address Interface State ID Pri Dead
172.16.40.9 st0.0 Full 172.16.49.8 1 30
Area 0.0.0.0, opt 0x2, DR 0.0.0.0, BDR 0.0.0.0
Up 00:00:50, adjacent 00:00:50
Link state retransmission list: 1 entries
[edit]
root@SRX_394# run show ospf neighbor detail
Address Interface State ID Pri Dead
172.16.40.9 st0.0 Init 172.16.49.8 1 38
Area 0.0.0.0, opt 0x2, DR 0.0.0.0, BDR 0.0.0.0
root@SRX_394# run show log messages | match OSPF | last
Nov 6 02:17:48 SRX_394 rpd[30514]: RPD_OSPF_NBRDOWN: OSPF neighbor 172.16.40.9 (realm ospf-v2 st0.0 area 0.0.0.0) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode)
Nov 6 02:17:57 SRX_394 rpd[30514]: RPD_OSPF_NBRUP: OSPF neighbor 172.16.40.9 (realm ospf-v2 st0.0 area 0.0.0.0) state changed from Init to ExStart due to 2WayRcvd (event reason: neighbor detected this router)
Nov 6 02:17:57 SRX_394 rpd[30514]: RPD_OSPF_NBRUP: OSPF neighbor 172.16.40.9 (realm ospf-v2 st0.0 area 0.0.0.0) state changed from Loading to Full due to LoadDone (event reason: OSPF loading completed)
Nov 6 02:18:24 SRX_394 mgd[29214]: UI_CMDLINE_READ_LINE: User 'root', command 'run show log | match OSPF '
Nov 6 02:18:29 SRX_394 mgd[29214]: UI_CMDLINE_READ_LINE: User 'root', command 'run show log messages | match OSPF '
Nov 6 02:18:38 SRX_394 rpd[30514]: RPD_OSPF_NBRDOWN: OSPF neighbor 172.16.40.9 (realm ospf-v2 st0.0 area 0.0.0.0) state changed from Full to Init due to 1WayRcvd (event reason: neighbor is in one-way mode)
root@SRX_394# run show route 172.16.40.9
inet.0: 70 destinations, 71 routes (70 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.40.9/32 *[OSPF/10] 00:00:23, metric 1
> via st0.0
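SRX210 (hostname SRX_394) configuration; the $9$ pre-shared-key string below is Junos's reversible obfuscation rather than a hash, so it should be treated as the key itself: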
set interfaces ge-0/0/0 mtu 1350
set interfaces ge-0/0/0 unit 0 family inet address 172.16.40.10/30
set interfaces st0 unit 0 family inet mtu 1350
set security ike respond-bad-spi 20
set security ike proposal P1 authentication-method pre-shared-keys
set security ike proposal P1 dh-group group2
set security ike proposal P1 authentication-algorithm sha1
set security ike proposal P1 encryption-algorithm aes-256-cbc
set security ike policy BLDG-1_IKE_POLICY mode main
set security ike policy BLDG-1_IKE_POLICY description "VPN to BLDG-1"
set security ike policy BLDG-1_IKE_POLICY proposals P1
set security ike policy BLDG-1_IKE_POLICY pre-shared-key ascii-text "$9$KXSWXNs2aikP24z69Cpu"
set security ike gateway BLDG-1_GW ike-policy BLDG-1_IKE_POLICY
set security ike gateway BLDG-1_GW address 172.16.40.9
set security ike gateway BLDG-1_GW external-interface ge-0/0/0.0
set security ipsec proposal P2 protocol esp
set security ipsec proposal P2 authentication-algorithm hmac-sha1-96
set security ipsec proposal P2 encryption-algorithm aes-256-cbc
set security ipsec proposal P2 lifetime-seconds 3600
set security ipsec policy BLDG-1_IPSEC_POLICY description BLDG-1_IPSEC
set security ipsec policy BLDG-1_IPSEC_POLICY perfect-forward-secrecy keys group2
set security ipsec policy BLDG-1_IPSEC_POLICY proposals P2
set security ipsec vpn BLDG-1_VPN bind-interface st0.0
set security ipsec vpn BLDG-1_VPN df-bit clear
set security ipsec vpn BLDG-1_VPN vpn-monitor source-interface ge-0/0/0.0
set security ipsec vpn BLDG-1_VPN vpn-monitor destination-ip 172.16.40.9
deactivate security ipsec vpn BLDG-1_VPN vpn-monitor
set security ipsec vpn BLDG-1_VPN ike gateway BLDG-1_GW
set security ipsec vpn BLDG-1_VPN ike ipsec-policy BLDG-1_IPSEC_POLICY
set security ipsec vpn BLDG-1_VPN establish-tunnels immediately
set security flow tcp-mss ipsec-vpn mss 1350
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces lo0.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces st0.0
root@SRX_394# run show security policies
Default policy: deny-all
From zone: untrust, To zone: trust
Policy: untrust-to-trust, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: any
Action: permit
From zone: trust, To zone: untrust
Policy: trust-to-untrust, State: enabled, Index: 5, Scope Policy: 0, Sequence number: 1
Source addresses: any
Destination addresses: any
Applications: any
Action: permit
[edit security zones]
root@SRX_394#
root@SRX_394# show | display set
set protocols ospf traceoptions file debug-ospf
set protocols ospf traceoptions file size 5m
set protocols ospf traceoptions file files 5
set protocols ospf traceoptions flag hello
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface vlan.126 passive
set protocols ospf area 0.0.0.0 interface vlan.190 passive
set protocols ospf area 0.0.0.0 interface vlan.254 passive
set protocols ospf area 0.0.0.0 interface st0.0
SSG320 (hostname BARNEY) configuration:
BARNEY(trust-vr)-> get conf
set vrouter "trust-vr"
unset auto-route-export
set protocol ospf
set enable
set reject-default-route
exit
exit
set vrouter "trust-vr"
unset add-default-route
exit
set interface ethernet0/0 protocol ospf area 0.0.0.0
set interface ethernet0/0 protocol ospf enable
set interface ethernet0/0 protocol ospf retransmit-interval 5
set interface ethernet0/0 protocol ospf cost 1
set interface ethernet0/0 protocol ospf authentication md5 "aykqLBxLNma2ZjsD1/CsyYg3NanLvy2QMKZxspVF8SLGytAN18cmxZA=" key-id 1
set interface ethernet0/0 protocol ospf authentication active-md5-key-id 1
set interface ethernet0/2 protocol ospf area 0.0.0.0
set interface ethernet0/2 protocol ospf enable
set interface ethernet0/2 protocol ospf retransmit-interval 5
set interface ethernet0/2 protocol ospf cost 1
set interface ethernet0/2 protocol ospf authentication md5 "fCGZJrgQNdD1zysI1SC2HS48j2nqk6pWW/WvObWVp0pAqf0D6Q3h3Fc=" key-id 1
set interface loopback.8 protocol ospf area 0.0.0.0
set interface loopback.8 protocol ospf passive
set interface loopback.8 protocol ospf enable
set interface tunnel.1 protocol ospf area 0.0.0.0
set interface tunnel.1 protocol ospf enable
set interface tunnel.1 protocol ospf retransmit-interval 5
set interface tunnel.1 protocol ospf cost 1
BARNEY(trust-vr)->
BARNEY-> get interface e0/3
Interface ethernet0/3:
description ethernet0/3
number 7, if_info 7056, if_index 0, mode route
link up, phy-link up/full-duplex, admin status up
status change:11, last change:11/05/2012 12:58:38
vsys Root, zone 394, vr trust-vr
dhcp client disabled
PPPoE disabled
admin mtu 1350, operating mtu 1350, default mtu 1500
*ip 172.16.40.9/30 mac 6487.884d.3707
*manage ip 172.16.40.9, mac 6487.884d.3707
route-deny disable
pmtu-v4 disabled
ping enabled, telnet disabled, SSH disabled, SNMP disabled
web disabled, ident-reset disabled, SSL disabled
DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0
OSPF disabled OSPFv3 disabled BGP disabled RIP disabled RIPng disabled
mtrace disabled
PIM: not configured IGMP not configured
MLD not configured
NHRP disabled
bandwidth: physical 1000000kbps, configured egress [gbw 0kbps mbw 0kbps]
configured ingress mbw 0kbps, current bw 0kbps
total allocated gbw 0kbps
DHCP-Relay disabled at interface level
DHCP-server disabled
BARNEY->
set ike p1-proposal "P1" preshare group2 esp aes256 sha-1 second 28800
set ike p2-proposal "P2" group2 esp aes256 sha-1 second 3600
set ike gateway "394_GW" address 172.16.40.10 Main outgoing-interface "ethernet0/3" preshare "4sIJeQZsN6TPSps1s8CKTbzbqrnYvdLO7A==" proposal "P1"
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vpn "394_VPN" gateway "394_GW" no-replay tunnel idletime 0 proposal "P2"
unset interface tunnel.1 acvpn-dynamic-routing
BARNEY-> get config | include tunnel
set interface "tunnel.1" zone "Trust"
set interface tunnel.1 ip unnumbered interface ethernet0/3
set interface tunnel.1 mtu 1350
set flow reverse-route tunnel always
set vpn "394_VPN" gateway "394_GW" no-replay tunnel idletime 0 proposal "P2"
unset interface tunnel.1 acvpn-dynamic-routing
set interface tunnel.1 protocol ospf area 0.0.0.0
set interface tunnel.1 protocol ospf enable
set interface tunnel.1 protocol ospf retransmit-interval 5
set interface tunnel.1 protocol ospf cost 1