@muph wrote:
If a site-to-site connection allowed two local subnets access to the remote network, would there be two tunnels established?
This depends on how the VPN is configured. If you have multiple proxy-id pairs defined, then a separate SA will be created for each proxy-id pair. If you don't bother with proxy-ids (e.g. if you have a route-based VPN between two Junipers, which will use the proxy-id 0.0.0.0/0 on both sides of the tunnel), then only one SA is created.
@muph wrote:
If a site-to-site VPN allowed local networks 10.0.0.0 and 10.10.0.0 access to remote networks 192.168.1.0 and 192.168.2.0, I understand there will be 8 SAs (2 per network, 1 for each direction).
Would this mean 8 VPN tunnels or 4 VPN tunnels in use?
You don't get one SA per direction; you get one SPI per direction. An SA is a logical grouping of SPIs (i.e. an SA is bidirectional). In your example, you would see 4 SAs on either firewall, meaning 4 VPN tunnels.