I would like to know if it is possible to create one VPN concentrator (SRX 650) where this concentrator will be in the DMZ with only one interface to connect to our firewall. The VPN traffic from the remote LAN to headquarters arrives from the firewall at the SRX, and the SRX returns the traffic to the firewall with the local LAN as its destination.
Is this kind of configuration possible, or do I need to have one interface/zone trust and another interface/zone untrust?
I think you are referring to a route-based VPN, where the VPN traffic is terminated on a tunnel interface st0.x. Then you can put the tunnel interface into the appropriate security zone and flow traffic based on security policies.
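
The arrangement described in the reply above, sketched as an added Junos example that is not part of the original thread: one physical interface in a `dmz` zone, the tunnel interface `st0.0` in its own `vpn` zone, and policies between the two. All names, addresses (documentation ranges) and the pre-shared key are constructed placeholders, and it assumes the front firewall forwards IKE/ESP to the SRX and routes the local LAN.

```junos
# Single physical interface facing the firewall (DMZ), plus the tunnel interface
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.10/24
set interfaces st0 unit 0 family inet

# Two zones on one physical link: encrypted traffic lands in dmz, clear text in vpn
set security zones security-zone dmz interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone vpn interfaces st0.0

# IKE phase 1 (placeholder peer 198.51.100.1, placeholder key)
set security ike proposal IKE-PROP authentication-method pre-shared-keys
set security ike proposal IKE-PROP dh-group group14
set security ike proposal IKE-PROP authentication-algorithm sha-256
set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc
set security ike policy IKE-POL mode main
set security ike policy IKE-POL proposals IKE-PROP
set security ike policy IKE-POL pre-shared-key ascii-text "REPLACE-WITH-REAL-KEY"
set security ike gateway GW-REMOTE ike-policy IKE-POL
set security ike gateway GW-REMOTE address 198.51.100.1
set security ike gateway GW-REMOTE external-interface ge-0/0/0.0

# IPsec phase 2, bound to st0.0 (this binding is what makes the VPN route-based)
set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group14
set security ipsec policy IPSEC-POL proposals IPSEC-PROP
set security ipsec vpn VPN-REMOTE bind-interface st0.0
set security ipsec vpn VPN-REMOTE ike gateway GW-REMOTE
set security ipsec vpn VPN-REMOTE ike ipsec-policy IPSEC-POL

# Routing: remote LAN through the tunnel, everything else back to the firewall
set routing-options static route 10.20.0.0/16 next-hop st0.0
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1

# Policies decide what decrypted traffic may reach the local LAN and vice versa
set security address-book global address REMOTE-LAN 10.20.0.0/16
set security address-book global address LOCAL-LAN 10.10.0.0/16
set security policies from-zone vpn to-zone dmz policy REMOTE-TO-LOCAL match source-address REMOTE-LAN destination-address LOCAL-LAN application any
set security policies from-zone vpn to-zone dmz policy REMOTE-TO-LOCAL then permit
set security policies from-zone dmz to-zone vpn policy LOCAL-TO-REMOTE match source-address LOCAL-LAN destination-address REMOTE-LAN application any
set security policies from-zone dmz to-zone vpn policy LOCAL-TO-REMOTE then permit
```

Narrow `application any` to the services the remote site actually needs, and log denied sessions on both zone pairs so unexpected flows across the tunnel are visible.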