Dear All, I have been configuring policy-based VPNs for a long time without any problems. I'm confused because these days it's not working unless I enable RIP on the trust interface, which I remember (or maybe I'm wrong) I don't need to enable. Can anyone help me, please? Should the policy-based VPN work without enabling RIP on the trust zone?
The VPN shows active/down because VPN monitor is failing unless a route exists for the hub network. Out of curiosity, why are you using a policy-based VPN for this? When using a dynamic routing protocol across VPNs, a route-based VPN is recommended. From the looks of your configs, I see no reason why you cannot use route-based. Due to the nature of RIP broadcasts or RIP/OSPF multicast, I don't recall either of these protocols working properly across policy-based VPNs.
My recommendation is to change this to a route-based VPN and apply RIP on the tunnel interfaces.