I'm trying vSRX on AWS and ran into this issue.
After creating a routing instance named TEST (TEST.inet.0), I added st0.1 and st0.2 under it.
Added interfaces to the zones, checked my policies and the rest as needed.
My goal was to establish VPN tunnels between my vSRX acting as a VPN peer with IP C.C.C.C
to the other two VPN peers: VPN Peer 1 with IP A.A.A.A and VPN Peer 2 with IP B.B.B.B
In order to reach remote networks behind them: 1.1.1.1/24 and 2.2.2.2/24
And vice versa, for 1.1.1.1/24 and 2.2.2.2/24 to be able to reach 3.3.3.3/24 behind vSRX.
When I set up my first tunnel with st0.1, all is working properly.
IKE security-associations:
Index State Initiator cookie Responder cookie Mode Remote Address
1111111 UP eeeeeeeeeeeeeeee ffffffffffffffff Main A.A.A.A
IPSEC security-associations:
Total active tunnels: 1 Total Ipsec sas: 1
Gateway
unlim - root 4500 A.A.A.A
unlim - root 4500 A.A.A.A
I am also able to reach remote network 1.1.1.1/24 - proxy-identity remote 1.1.1.1/24
When I set up my second tunnel with st0.2, I noticed this
IKE security-associations and see that both remote VPN peers are listed:
Index State Initiator cookie Responder cookie Mode Remote Address
1111111 UP eeeeeeeeeeeeeeee ffffffffffffffff Main A.A.A.A
2222222 UP eeeeeeeeeeeeeeee ffffffffffffffff Main B.B.B.B
But for the IPSEC security-associations I see only one (the second one):
Total active tunnels: 1 Total Ipsec sas: 1
Gateway
unlim - root 4500 B.B.B.B
unlim - root 4500 B.B.B.B
Where did the IPSEC security-association entry for the first VPN peer A.A.A.A go?
I also can't connect to 1.1.1.1/24.
How do I accomplish this kind of connectivity so my vSRX C.C.C.C establishes tunnels to A.A.A.A and B.B.B.B?
Do I need to add anything else on vSRX?
Thank you!