I have a scenario wherein I have a route for HOST B via st0.0 on SRX A and a route for HOST A via st0.0 on SRX B.
When A tries to communicate with B or vice versa, the traffic travels via the route-based VPN between SRX A and SRX B.
The interesting situation is when HOST C behind SRX A tries to communicate with HOST B, which is behind SRX B: because of the routing via st0.0 on SRX A, the initial request goes via the tunnel. However, the return traffic from B -> C gets routed outside the tunnel on SRX B, and SRX A permits the traffic to go through to HOST C.
The same scenario with a Netscreen instead of an SRX at the other end just drops any TCP & UDP traffic but permits ICMP (because ICMP is stateless).
My question: is this normal? Is it normal for the firewall to permit one flow to go via the tunnel and the return flow to travel outside the tunnel?
I can attach a diagram if my explanation above is confusing.
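As an added illustration of the routing described in the post above (an editor's example, not part of the original post and not vendor documentation), here is a Junos-style set configuration for the two SRXs with hypothetical addresses: HOST A in 10.1.1.0/24 and HOST C in 10.1.3.0/24 behind SRX A, HOST B in 10.2.1.0/24 behind SRX B. The VPN names, zone name and the upstream next hop 203.0.113.1 are assumptions; security policies between zones are omitted. SRX B initially has a route into st0.0 only for HOST A's subnet, so its reply to HOST C follows the default route out the untrust side, which is the asymmetric path the poster observes. The last line is the route that keeps both directions inside the tunnel.

```junos
# SRX A (hypothetical addresses and names, constructed for this example)
set interfaces st0 unit 0 family inet
set security ipsec vpn to-srx-b bind-interface st0.0
set security zones security-zone vpn interfaces st0.0
# Everything behind SRX B is reached through the tunnel interface
set routing-options static route 10.2.1.0/24 next-hop st0.0

# SRX B
set interfaces st0 unit 0 family inet
set security ipsec vpn to-srx-a bind-interface st0.0
set security zones security-zone vpn interfaces st0.0
# Only HOST A's subnet is routed into the tunnel ...
set routing-options static route 10.1.1.0/24 next-hop st0.0
# ... so a reply to HOST C (10.1.3.0/24) matches the default route and
# leaves via the untrust interface instead of st0.0 (the asymmetric path).
set routing-options static route 0.0.0.0/0 next-hop 203.0.113.1

# Fix on SRX B: route HOST C's subnet into the tunnel as well, so the
# reverse route lookup selects st0.0 and the reply stays inside the VPN.
set routing-options static route 10.1.3.0/24 next-hop st0.0
```

To check which path SRX B actually uses, run `show route 10.1.3.1` (the next hop should be st0.0 after the fix) and `show security flow session destination-prefix 10.1.3.0/24` to see the interface on the reverse wing of an existing session. If the VPN uses traffic selectors or explicit proxy IDs rather than 0.0.0.0/0, they must also cover 10.1.3.0/24 on both peers, otherwise the added route sends the packet to st0.0 but no SA matches it.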