Ok, im quite new to junos, but i have a fair amount of experience with ScreenOS.
I am trying to build a vpn from a new SRX 240 to a SSG.
i used this tool to build the config
https://www.juniper.net/customers/support/configtools/vpnconfig.html
The very odd part is that i can only bring up the tunnel from fxp0 but not from the virtual-router interface reth1.0. Let me elaborate.
So the tunnel builds from the SSG to 2.2.2.2 but not to 3.3.3.3 like i would want and expect it to.
is there something special i have to do with it being a virtual router?
interfaces {
fxp0 {
unit 0 {
family inet {
address 2.2.2.2/27;
}
}
}
}
reth1 {
/* Made up of ge-0/0/4 & ge-5/0/4 */
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address 3.3.3.3/28;
}
}
}
security {
...
...
}
gateway FW1XXX {
ike-policy FW1XXX;
address 10.10.10.1;
no-nat-traversal;
external-interface reth1.0;
ipsec {
vpn VPNtoFW1XXX {
bind-interface st0.0;
ike {
gateway FW1XXX;
ipsec-policy VPNtoFW1XXX;
routing-instances {
xxx {
instance-type virtual-router;
interface reth1.0;
interface reth2.0;
interface st0.0;