Hi
You can, however you should use not st0.2 itself but ip address on the other end of the tunnel.
For example
lab@srxA-1# show interfaces st0
unit 0 {
family inet {
address 192.168.100.1/24;
}
}
[edit]
lab@srxA-1# show services rpm
probe rpm1 {
test t1 {
probe-type icmp-ping;
target address 192.168.65.187;
probe-count 1;
probe-interval 1;
test-interval 10;
thresholds {
total-loss 1;
}
}
}
[edit]
lab@srxA-1# show services ip-monitoring
policy p1 {
match {
rpm-probe rpm1;
}
then {
preferred-route {
route 0.0.0.0/0 {
next-hop 192.168.100.2; /// IP on st0 interface on the other end of the tunnel
}
}
}
}
the result, when ip is unreachable
lab@srxA-1# run show services ip-monitoring status
Policy - p1 (Status: FAIL)
RPM Probes:
Probe name Test Name Address Status
---------------------- --------------- ---------------- ---------
rpm1 t1 192.168.65.187 FAIL
Route-Action:
route-instance route next-hop state
----------------- ----------------- ---------------- -------------
inet.0 0.0.0.0/0 192.168.100.2 APPLIED
[edit]
lab@srxA-1# run show route
inet.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/1] 00:03:27, metric2 0
> to 192.168.100.2 via st0.0
If you use st0.x itself as the next-hop, the preferred route becomes, for some reason, hidden.