Here is a flow trace. It shows packet gets dropped because there is no untrust to untruct policy... This is a route-based vpn now, so I am not sure what to do with that.
Thanks, Paul
srxfirewall% cat flow.trace
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:dec vector=829912c. rc 0x0
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: fe-0/0/0.0:174.73.4.183->50.58.28.182, 50
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: find flow: table 0x44d637b0, hash 33745(0xffff), sa 174.73.4.183, da 50.58.28.182, sp 56128, dp 4962, proto 50, tok 7
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: flow got session.
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: flow session id 10925
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: flow_decrypt: tun 4482e7d0(flag 82), iif 74
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:<174.73.4.183/0->50.58.28.182/0;50> :
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:packet [120] ipid = 2905, @40944b22
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: ----- flow_process_pkt rc 0xf (fp rc 0)
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:<172.16.9.6/46849->10.249.6.132/768;1> :
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:packet [60] ipid = 2904, @40944b4e
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 1, common flag 0x0, mbuf 0x40944900, rtbl_idx = 0
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: in_ifp <junos-self:.local..0>
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 45469128
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:pkt out of tunnel.Proceed normally
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: fe-0/0/0.0:172.16.9.6->10.249.6.132, icmp, (8/0)
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: find flow: table 0x44d637b0, hash 4844(0xffff), sa 172.16.9.6, da 10.249.6.132, sp 46849, dp 768, proto 1, tok 7
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: no session found, start first path. in_tunnel - 1149429712, from_cp_flag - 0
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: flow_first_create_session
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: flow_first_in_dst_nat: in <fe-0/0/0.0>, out <N/A> dst_adr 10.249.6.132, sp 46849, dp 768
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: chose interface N/A as incoming nat if.
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 10.249.6.132(768)
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 172.16.9.6, x_dst_ip 10.249.6.132, in ifp fe-0/0/0.0, out ifp N/A sp 46849, dp 768, ip_proto 1, tos 0
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:Doing DESTINATION addr route-lookup
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: routed (x_dst_ip 10.249.6.132) from untrust (fe-0/0/0.0 in 0) to st0.0, Next-hop: 10.249.6.132
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: policy search from zone untrust-> zone untrust (0x0,0xb7010300,0x300)
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: app 0, timeout 60s, curr ageout 60s
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: packet dropped, denied by policy
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: packet dropped, policy deny.
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: flow find session returns error.
Aug 28 12:33:02 12:33:01.729500:CID-0:RT:flow_process_pkt_exception: Freeing lpak 3fdeda50 associated with mbuf 0x40944900
Aug 28 12:33:02 12:33:01.729500:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc 0)