I am copying only the relevant configs.
Traffic originating from:
ge-0/0/7 {
    unit 0 {
        description "ABC Link";
        family inet {
            address 172.17.254.2/24;
Destined to 10.71.0.0
Static route:
route 10.71.0.0/16 next-hop st0.10;
route 10.1.0.0/16 next-hop 172.17.254.1;
security-zone ABC {
    address-book {
        address ABCzoneadd1 10.1.0.0/16;
    }
}
host-inbound-traffic {
    system-services {
        dns;
        ftp;
        http;
        https;
        ident-reset;
        ping;
        snmp;
        traceroute;
    }
    protocols {
        all;
    }
}
interfaces {
    ge-0/0/7.0;
}
from-zone HOVPN to-zone ABC {
    policy HOvpn-ABC {
        match {
            source-address net-HO_10-71-0-0--16;
            destination-address ABCzone;
            application any;
        }
        then {
            permit;
from-zone ABC to-zone HOVPN {
    policy ABC-HO {
        match {
            source-address ABCzone;
            destination-address net-HO_10-71-0-0--16;
            application any;
        }
        then {
            permit;
The VPN is up and running, and clients from the local network 10.31.xx.xx can access the remote network at 10.71.xx.xx. The trouble is from zone ABC 10.1.xx.xx to 10.71.xx.xx.