Actually I now have more 🙂
Maybe I didn't explain the scenario correctly up above, but in the netscreen guide it talks about creating a loopback interface connected to the VPN Zone and then use unnumbered tunnel interfaces also in the VPN zone that "borrow" the IP address of the loopback.
In this case the VPN would be bound to the unnumbered tunnel interface which is in the VPN Zone handled by VPN-VR.
So if all encrypted packets are handled by the virtual router that the interface is configured for the VPN and that interface is one of those unnumbered tunnel interface, wouldn't that mean that the VPN-VR would handle the packet?
Or am I not understanding something else?
Thanks for your quick help! We are moving from Cisco to Juniper and I am just trying to get my head wrapped around all the option. So for a I really dig the Netscreens.