Hi guys and thanks for taking time to answering me.
I've been away and wasn't able to answer earlier.
routing for multipoint is dona manually by static routing on both hub and spoke. all routes are checked and I believe are correctly configured.
hub:
route 172.26.0.0/24 next-hop 10.11.12.11; spoke1 - works fine
route 172.26.1.0/24 next-hop 10.11.12.12; spoke2 - does not work
spoke which does not work:
route 192.168.0.0/24 next-hop st0.0;
NHTB is configured automatically as these are both SRX-devices:
(i have tried to manually configure NHTB route)
show security ipsec next-hop-tunnels
10.11.12.11 st0.0 vpn_1 Auto 42.xx.xx.xx.
10.11.12.12 st0.0 vpn_2 Auto 72.xx.xx.xx
There is another Juniper SRX device in front of the spoke-SRX which does the NAT on the way out.
are there any other things I could check:
here is similar issue, the threadstarter haven't resolved:
http://www.juniperforum.com/index.php?topic=22880.0