1) this is part of the ipsec negotiation.
let's assume you have gateway_A with local lan lan_A/mask_A
and gateway_B with local lan lan_B/mask_B.
if you wish to set up a vpn between gateway_A and gateway_B so lan_A/mask_A can talk to
lan_B/mask_B, you must set up the following:
on gateway_A: proxy id: local id: lan_A/mask_A, remote id: lan_B/mask_B
on gateway_B: proxy id: local id: lan_B/mask_B, remote id: lan_A/mask_A
2) if you have multiple subnets, and only one site-to-site vpn, you can set up
- route based vpn with local id and remote id set to 0.0.0.0/0
- policy based with one phase 2 (i.e. ipsec vpn) config and one policy per pair of local and remote lan.
the easiest is to use route based vpn.
this is described in the tech note http://www.juniper.net/techpubs/en_US/junos/information-products/topic-collections/nce/vpn-route-based-jseries-srx/route-based-vpns-j-series-srx.pdf
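
The mirroring rule from point 1 can be checked before the tunnel is brought up. The following Python sketch is an added example, not part of the original post: it compares the proxy ID lists of both gateways and reports every entry that has no mirrored counterpart on the peer. The function name, the sample addresses and the choice to ignore host bits when comparing are assumptions made for illustration.

```python
import ipaddress

def _pair(local, remote):
    # Assumption: an entry written with host bits set (10.1.0.1/16) is
    # compared as its network (10.1.0.0/16), hence strict=False.
    return (ipaddress.ip_network(local, strict=False),
            ipaddress.ip_network(remote, strict=False))

def proxy_id_mismatches(gateway_a, gateway_b):
    """gateway_a / gateway_b: lists of (local_id, remote_id) CIDR strings.

    Returns human-readable findings; an empty list means every proxy ID
    on one gateway is mirrored on the other.
    """
    a_view = {_pair(local, remote) for local, remote in gateway_a}
    # Swap gateway_B's entries so they are expressed from gateway_A's side.
    b_view = {_pair(remote, local) for local, remote in gateway_b}
    order = lambda p: (str(p[0]), str(p[1]))  # deterministic output order
    findings = []
    for local, remote in sorted(a_view - b_view, key=order):
        findings.append(f"gateway_A has local {local} remote {remote}; "
                        f"gateway_B lacks local {remote} remote {local}")
    for local, remote in sorted(b_view - a_view, key=order):
        findings.append(f"gateway_B has local {remote} remote {local}; "
                        f"gateway_A lacks local {local} remote {remote}")
    return findings

# Constructed sample data: lan_A = 10.1.0.0/16, lan_B = 10.2.0.0/16.
MIRRORED_A = [("10.1.0.0/16", "10.2.0.0/16")]
MIRRORED_B = [("10.2.0.0/16", "10.1.0.0/16")]
BAD_MASK_B = [("10.2.0.0/24", "10.1.0.0/16")]   # wrong mask for lan_B
ROUTE_BASED = [("0.0.0.0/0", "0.0.0.0/0")]      # option from point 2

if __name__ == "__main__":
    for name, a, b in [("mirrored", MIRRORED_A, MIRRORED_B),
                       ("bad mask", MIRRORED_A, BAD_MASK_B),
                       ("route based", ROUTE_BASED, ROUTE_BASED)]:
        result = proxy_id_mismatches(a, b)
        print(name, "->", result if result else "OK")
```

For a policy based setup with several subnet pairs, pass one tuple per pair in each list.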