Hi Wall-ED,
No special configuration is needed on the switch.
You can delete the routes that you created on the switch for 192.168.0.0/24 and 1.0/24.
VPN packets will be ESP packets with the external IP addresses of the two SRX devices, but the ports will not be 500.
It will be using different UDP ports derived from the SPI.
It could be a problem with the VPN itself and not the switch.
Ensure you have the following:
1. show security ipsec sa and check whether the inbound SPI of SRX1 is equal to the outbound SPI of SRX2 and vice versa.
If it is not the same, clear the IPsec and IKE SAs and check it again.
2. show security ipsec statistics index number will show whether SRX1 is encrypting the packets or not.
3. Check whether the IPsec tunnel policy is at the top of the rule base from trust to untrust and from untrust to trust.
4. Capture traceoptions on both devices for the following filters:
Filter 1: private IP of the LAN machine to private IP of the remote machine
Filter 2: private IP of the remote machine to private IP of the LAN machine
Filter 3: SRX1 WAN IP to SRX2 WAN IP with protocol ESP
Filter 4: SRX2 WAN IP to SRX1 WAN IP with protocol ESP
Check the trace files and verify that the packet from the LAN to SRX1 is encrypted and sent out via the tunnel.
Check the trace file on SRX2 and verify that it is correctly decrypted first and then sent to the machine.
Regards,
rparthi
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
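Step 1 of the reply above (inbound SPI on one SRX must equal outbound SPI on the other) can be checked mechanically. The script below is an added example, not code from the reply or from Juniper; the two SA listings are constructed samples that only approximate the Junos "show security ipsec sa" layout, with made-up SPIs and documentation-range addresses.

```python
import re
from typing import Dict, Tuple

# Constructed sample output approximating "show security ipsec sa" on each SRX.
# In Junos output, "<" marks the inbound SA and ">" the outbound SA.
SRX1_SA = """\
  Total active tunnels: 1
  ID    Algorithm       SPI      Life:sec/kb  Mon lsys Port  Gateway
  <131073 ESP:aes-cbc-128/sha1 7f3c4d2a 3283/ unlim - root 500 203.0.113.2
  >131073 ESP:aes-cbc-128/sha1 9a1b2c3d 3283/ unlim - root 500 203.0.113.2
"""

SRX2_SA = """\
  Total active tunnels: 1
  ID    Algorithm       SPI      Life:sec/kb  Mon lsys Port  Gateway
  <131073 ESP:aes-cbc-128/sha1 9a1b2c3d 3283/ unlim - root 500 198.51.100.2
  >131073 ESP:aes-cbc-128/sha1 7f3c4d2a 3283/ unlim - root 500 198.51.100.2
"""

# Direction marker, SA index, algorithm column, then the hex SPI.
SA_LINE = re.compile(r"^\s*([<>])(\d+)\s+ESP:\S+\s+([0-9a-f]+)\s", re.IGNORECASE)


def parse_ipsec_sa(output: str) -> Dict[str, str]:
    """Return {'inbound': spi, 'outbound': spi} for a single-tunnel SA listing."""
    spis: Dict[str, str] = {}
    for line in output.splitlines():
        m = SA_LINE.match(line)
        if m:
            direction = "inbound" if m.group(1) == "<" else "outbound"
            spis[direction] = m.group(3).lower()
    return spis


def spis_match(sa_a: str, sa_b: str) -> Tuple[bool, Dict[str, Dict[str, str]]]:
    """Check that A's inbound SPI equals B's outbound SPI and vice versa.

    Returns (ok, parsed SPIs) so a mismatch can be reported with the values seen.
    A missing direction on either side also counts as a failure.
    """
    a, b = parse_ipsec_sa(sa_a), parse_ipsec_sa(sa_b)
    complete = all(k in d for d in (a, b) for k in ("inbound", "outbound"))
    ok = complete and a["inbound"] == b["outbound"] and a["outbound"] == b["inbound"]
    return ok, {"srx1": a, "srx2": b}


if __name__ == "__main__":
    ok, seen = spis_match(SRX1_SA, SRX2_SA)
    print("SPIs consistent" if ok else "SPI mismatch: clear IKE/IPsec SAs and recheck", seen)
```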