I have set up a VPN using the guide supplied by Amazon for the SRX. All went OK and it's showing as connected in the AWS console. But traffic is not flowing either way. When I try to ping the inside tunnel from the SRX I get no response. I've followed the troubleshooting guide in the below link and all checks out until the ping test, where it fails.
Please see the extract from my config of the settings I added. One thing I did notice is that there is no global policy they tell you to set for the VPN; do I need this, as I thought I would? How can I troubleshoot further?
The policy should not be needed for self to self traffic.
I notice there is a discrepancy in the IP subnetting for the st0.2 interface:
188.8.131.52/30 is the broadcast address. The two interfaces should be 121 and 122.
I also notice that your BGP neighbor shows a different subnet, so you should confirm which is the one you have on the other side. 184.108.40.206 - also, this is the subnet address, where the active addresses would be 213 & 214 for the interfaces.
Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) http://puluka.com/home
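The two addressing checks made in the answer above (is the st0 address a usable host of its /30, and is the BGP neighbor in the same subnet) as a small script; this is an added example, not code from the thread, and the 169.254.x.x addresses and the `check_tunnel_addressing` / `usable_hosts` names are constructed for illustration.

```python
import ipaddress


def check_tunnel_addressing(local_cidr: str, neighbor_ip: str) -> list:
    """Sanity-check a point-to-point tunnel address against its BGP peer.

    Returns a list of human-readable findings; an empty list means the
    pair looks consistent. Checks: the local address is a usable host
    (not the network or broadcast address of its subnet), and the peer
    lies in the same subnet, differs from the local address, and is
    itself a usable host.
    """
    iface = ipaddress.ip_interface(local_cidr)   # host bits are kept
    net = iface.network
    local = iface.ip
    peer = ipaddress.ip_address(neighbor_ip)
    findings = []

    # /31 and /32 have no separate network/broadcast addresses
    reserved = set()
    if net.prefixlen < 31:
        reserved = {net.network_address, net.broadcast_address}

    if local == net.network_address and local in reserved:
        findings.append(f"{local} is the network address of {net}")
    if local == net.broadcast_address and local in reserved:
        findings.append(f"{local} is the broadcast address of {net}")

    if peer not in net:
        findings.append(f"neighbor {peer} is not in {net}")
    else:
        if peer == local:
            findings.append(f"neighbor {peer} equals the local address")
        if peer in reserved:
            findings.append(f"neighbor {peer} is not a usable host in {net}")
    return findings


def usable_hosts(cidr: str) -> list:
    """The host addresses a /30 tunnel subnet can actually be assigned."""
    return [str(h) for h in ipaddress.ip_interface(cidr).network.hosts()]


if __name__ == "__main__":
    # Constructed sample pairs: a broadcast-address mistake, a peer in the
    # wrong subnet, and a consistent pair.
    for local, peer in [("169.254.10.3/30", "169.254.10.1"),
                        ("169.254.10.2/30", "169.254.10.5"),
                        ("169.254.10.2/30", "169.254.10.1")]:
        print(local, peer, check_tunnel_addressing(local, peer) or "OK",
              "usable:", usable_hosts(local))
```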
1. Are you learning any routes from AWS via the BGP neighborship over tunnel?
2. You would need a policy from the vpn zone to the zone in which your local subnet resides. I see reth0.0 here is your external interface, but I am assuming traffic flow is from vpn to internal zone and vice versa.