Hi,
It depends on how you have your zones set up.
For example, are reth20 and st0.100 in the same security zone? Then you need an interzone policy configured.
user@srx# show security policies from-zone DMZ to-zone DMZ
policy permit-inter-zone {
    match {
        source-address 192.168.1.0/24;
        destination-address 10.10.10.0/24;
        application any;
    }
    then {
        permit;
    }
}
If the Secure Tunnel interface resides in its own zone, then you will need a regular policy from your incoming traffic zone to this security zone.
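
The second case above, sketched as an added example (not part of the original post and not taken from a real device). It assumes a zone named VPN that holds st0.100, reth20.0 as the logical unit in the DMZ zone, and address-book names dmz-net and remote-net built from the post's sample prefixes.

```junos
/* Added example: zone VPN, unit reth20.0 and the address names are assumptions */
security {
    address-book {
        global {
            address dmz-net 192.168.1.0/24;
            address remote-net 10.10.10.0/24;
        }
    }
    zones {
        security-zone DMZ {
            interfaces {
                reth20.0;
            }
        }
        security-zone VPN {
            interfaces {
                st0.100;
            }
        }
    }
    policies {
        from-zone DMZ to-zone VPN {
            policy dmz-to-vpn {
                match {
                    source-address dmz-net;
                    destination-address remote-net;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* Only needed if hosts behind the tunnel initiate sessions toward the DMZ */
        from-zone VPN to-zone DMZ {
            policy vpn-to-dmz {
                match {
                    source-address remote-net;
                    destination-address dmz-net;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

Return traffic for sessions opened from the DMZ is allowed by the existing session, so the second policy can be omitted when the remote side never initiates.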