Hi Dom,
Pl check here to get the information about proxy ID.
http://forums.juniper.net/t5/SRX-Services-Gateway/Proxy-id/m-p/72164/highlight/true#M8390
And
Proxy IDs that identify the traffic to be encrypted are negotiated.The proxy IDs that identify what traffic is part of the VPN.
Proxy IDs negotiation: A proxy ID is a mechanism for identifying the traffic carried within
the VPN, and it contains two components: the local and remote IP prefix, and the
service. Within IKE version 1, only a single prefix can be defined per local and remote
IP value, along with a single service.
Strictly speaking, the proxy IDs do not really need to match the traffic at all, but both
parties must match what they are negotiating in the VPN. Proxy IDs have long been
considered a nuisance when configuring VPNs because they are not really needed, and
in large part because different vendors have determined the proxy IDs differently. There
is an exception to this that was supported in ScreenOS (multiple proxy IDs), but this
isn’t supported today in the SRX.
The issue is that the proxy IDs are defined within the IKE RFC, which strictly defines
how they are formatted and what they contain. However, the RFC doesn’t exactly state
how the proxy IDs should be derived, and therefore vendors have interpreted this differently.
Ultimately, this has caused interoperability issues when trying to establish VPN
tunnels, so be advised that some tuning might be required.
Best Regards,
Suresh