I have the following scenario:
{ LAN } ---> (SRX 3600) ---> { Internet } ---> (remote endpoint) ---> { Remote LAN }
All traffic from LAN to Remote LAN should be NAT'd and transmitted through an IPsec tunnel. I'm pretty sure my configuration is OK; at least it conforms to the application note "Policy-Based VPN Configuration and Troubleshooting" as well as the output of the VPN configuration tool in the KB. The relevant configuration is attached; sorry I can't supply the public IP addresses involved.
The output of show security ike security-associations is empty, and I am stumped. I have flag all configured under IKE traceoptions, and the kmd log shows:
Aug 13 15:15:24 kmd_sa_cfg_free: Tunnel node for tunnel 0 (SA: 01009-vpn1) not found
Aug 13 15:15:24 Group/Shared IKE ID VPN configured: 0
Aug 13 15:15:24 kmd_diff_config_now, configuration diff complete
I have a suspicion that the NAT requirement/config may have something to do with my problem, but I don't really know how to proceed. Any ideas? Thanks in advance.