Apologies if this has been asked and answered earlier.
I am configuring a site-to-site route-based VPN on an SRX240H2 with Junos 12.1X44-D20.3.
We have a public IP /24 range available for our network and another public IP assigned by the ISP for routing the internet traffic.
So the configuration is:
ge-0/0/2.0 - A.B.C.D - public IP provided by the ISP
ge-0/0/4.0 - E.F.G.1 - public IP from the /24 range we own
E.F.G.1 is the default gateway for all machines in that range.
A.B.C.D is the default next-hop route from this SRX.
When setting up the VPN tunnel, I am binding it to ge-0/0/4.0. Though the tunnel does get set up, no traffic flows through it. I can see the encrypted packet counts increasing on my side, but the counters on the other side remain 0.
When we changed the tunnel binding to ge-0/0/2.0, traffic started flowing through the tunnel.
My question is: is what I was trying in the first place (using E.F.G.1 as the tunnel endpoint) a valid scenario? And how do I debug where the packets are going when the encrypted count is increasing? I tried turning traceoptions on for IPsec but am not sure which file contains the log. The kmd file is blank.
I would like to avoid using A.B.C.D as the tunnel endpoint due to the dependency on the ISP.
Let me know if I can provide any further information to help address this query.