Verification output
================

AWS:

root@FAUX_AWS_MX> ... ipsec security-associations detail
Service set: ipsec_ss_ms_4_0_01, IKE Routing-instance: default

  Rule: vpn_rule_ms_4_0_01, Term: term11, Tunnel index: 1
  Local gateway: 34.207.46.5, Remote gateway: 74.116.50.69
  IPSec inside interface: si-0/0/0.1, Tunnel MTU: 1500
  UDP encapsulate: Disabled, UDP Destination port: 0
  Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
  Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)

    Direction: inbound, SPI: 2923244687, AUX-SPI: 0
    Mode: tunnel, Type: dynamic, State: Installed
    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
    Soft lifetime: Expires in 2889 seconds
    Hard lifetime: Expires in 3487 seconds
    Anti-replay service: Enabled, Replay window size: 64
    Copy ToS: Enabled
    Copy TTL: Disabled, TTL value: 64

    Direction: outbound, SPI: 3849832857, AUX-SPI: 0
    Mode: tunnel, Type: dynamic, State: Installed
    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
    Soft lifetime: Expires in 2889 seconds
    Hard lifetime: Expires in 3487 seconds
    Anti-replay service: Enabled, Replay window size: 64
    Copy ToS: Enabled
    Copy TTL: Disabled, TTL value: 64

root@FAUX_AWS_MX> ...-vpn ipsec security-associations ipsec_ss_ms_4_0_01
Service set: ipsec_ss_ms_4_0_01, IKE Routing-instance: default

  Rule: vpn_rule_ms_4_0_01, Term: term11, Tunnel index: 1
  Local gateway: 34.207.46.5, Remote gateway: 74.116.50.69
  IPSec inside interface: si-0/0/0.1, Tunnel MTU: 1500
  UDP encapsulate: Disabled, UDP Destination port: 0

    Direction  SPI         AUX-SPI  Mode    Type     Protocol
    inbound    2923244687  0        tunnel  dynamic  ESP
    outbound   3849832857  0        tunnel  dynamic  ESP

DS:

root@DS_MX> show services ipsec-vpn ipsec security-associations detail
Service set: ipsec_ss_ms_4_0_01, IKE Routing-instance: DSI_AWSVPN

  Rule: vpn_rule_ms_4_0_01, Term: term11, Tunnel index: 1
  Local gateway: 74.116.50.69, Remote gateway: 34.207.46.5
  IPSec inside interface: si-0/0/0.1, Tunnel MTU: 1500
  UDP encapsulate: Disabled, UDP Destination port: 0
  Local identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
  Remote identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)

    Direction: inbound, SPI: 3849832857, AUX-SPI: 0
    Mode: tunnel, Type: dynamic, State: Installed
    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
    Soft lifetime: Expires in 2841 seconds
    Hard lifetime: Expires in 3484 seconds
    Anti-replay service: Enabled, Replay window size: 64
    Copy ToS: Enabled
    Copy TTL: Disabled, TTL value: 64

    Direction: outbound, SPI: 2923244687, AUX-SPI: 0
    Mode: tunnel, Type: dynamic, State: Installed
    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)
    Soft lifetime: Expires in 2841 seconds
    Hard lifetime: Expires in 3484 seconds
    Anti-replay service: Enabled, Replay window size: 64
    Copy ToS: Enabled
    Copy TTL: Disabled, TTL value: 64

root@DS_MX> ... ipsec security-associations ipsec_ss_ms_4_0_01
Service set: ipsec_ss_ms_4_0_01, IKE Routing-instance: DSI_AWSVPN

  Rule: vpn_rule_ms_4_0_01, Term: term11, Tunnel index: 1
  Local gateway: 74.116.50.69, Remote gateway: 34.207.46.5
  IPSec inside interface: si-0/0/0.1, Tunnel MTU: 1500
  UDP encapsulate: Disabled, UDP Destination port: 0

    Direction  SPI         AUX-SPI  Mode    Type     Protocol
    inbound    3849832857  0        tunnel  dynamic  ESP
    outbound   2923244687  0        tunnel  dynamic  ESP

Configuration:

root@FAUX_AWS_MX> show configuration | display set
set version 16.2R1.6
set system host-name FAUX_AWS_MX
set system root-authentication encrypted-password "$5$FC1o1Asu$IMHBMN/BgSCASNMpo07ye3rdKX/wNZrBuDcYTT8rjqB"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis fpc 0 pic 0 inline-services
set services service-set ipsec_ss_ms_4_0_01 next-hop-service inside-service-interface si-0/0/0.1
set services service-set ipsec_ss_ms_4_0_01 next-hop-service outside-service-interface si-0/0/0.2
set services service-set ipsec_ss_ms_4_0_01 ipsec-vpn-options local-gateway 34.207.46.5
set services service-set ipsec_ss_ms_4_0_01 ipsec-vpn-rules vpn_rule_ms_4_0_01
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 from source-address 0.0.0.0/0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 from destination-address 0.0.0.0/0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then remote-gateway 74.116.50.69
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dynamic ike-policy ike_policy_ms_4_0_0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dynamic ipsec-policy ipsec_policy_ms_4_0_0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then clear-dont-fragment-bit
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then initiate-dead-peer-detection
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dead-peer-detection interval 10
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dead-peer-detection threshold 3
set services ipsec-vpn rule vpn_rule_ms_4_0_01 match-direction input
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 protocol esp
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 encryption-algorithm aes-128-cbc
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 lifetime-seconds 3600
set services ipsec-vpn ipsec policy ipsec_policy_ms_4_0_0 perfect-forward-secrecy keys group2
set services ipsec-vpn ipsec policy ipsec_policy_ms_4_0_0 proposals ipsec_proposal_ms_4_0_0
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 authentication-method pre-shared-keys
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 dh-group group2
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 authentication-algorithm sha1
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 encryption-algorithm aes-128-cbc
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 lifetime-seconds 28800
set services ipsec-vpn ike policy ike_policy_ms_4_0_0 mode main
set services ipsec-vpn ike policy ike_policy_ms_4_0_0 proposals ike_proposal_ms_4_0_0
set services ipsec-vpn ike policy ike_policy_ms_4_0_0 pre-shared-key ascii-text "$9$8dKLdsaJDkmTUjz69A1IYgo"
set services ipsec-vpn traceoptions file vpntrace
set services ipsec-vpn traceoptions flag all
set services ipsec-vpn establish-tunnels immediately
set interfaces ge-0/0/0 unit 0 family inet address 34.207.46.5/24
set interfaces si-0/0/0 mtu 1436
set interfaces si-0/0/0 unit 0 family inet
set interfaces si-0/0/0 unit 1 family inet tcp-mss 1379
set interfaces si-0/0/0 unit 1 family inet address 169.254.46.193/32
set interfaces si-0/0/0 unit 1 service-domain inside
set interfaces si-0/0/0 unit 2 family inet tcp-mss 1379
set interfaces si-0/0/0 unit 2 service-domain outside
set routing-options static route 0.0.0.0/0 next-hop 34.207.46.1
set routing-options static route 169.254.46.192/30 next-hop si-0/0/0.1

-----------

root@DS_MX> show configuration | display set
set version 16.2R1.6
set system host-name DS_MX
set system root-authentication encrypted-password "$5$O57iNwI3$fhqkfTae8AQcXmalGHlwMURGujPYr2aIti1M.rMKUN."
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system license keys key "E435890758 aeaqic aiagij cpabsc idycyi giydco bqgiyd"
set chassis fpc 0 pic 0 tunnel-services bandwidth 1g
set chassis fpc 0 pic 0 inline-services
set services service-set ipsec_ss_ms_4_0_01 next-hop-service inside-service-interface si-0/0/0.1
set services service-set ipsec_ss_ms_4_0_01 next-hop-service outside-service-interface si-0/0/0.2
set services service-set ipsec_ss_ms_4_0_01 ipsec-vpn-options local-gateway 74.116.50.69
set services service-set ipsec_ss_ms_4_0_01 ipsec-vpn-options local-gateway routing-instance DSI_AWSVPN
set services service-set ipsec_ss_ms_4_0_01 ipsec-vpn-rules vpn_rule_ms_4_0_01
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 from source-address 0.0.0.0/0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 from destination-address 0.0.0.0/0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then remote-gateway 34.207.46.5
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dynamic ike-policy ike_policy_ms_4_0_0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dynamic ipsec-policy ipsec_policy_ms_4_0_0
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then clear-dont-fragment-bit
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then initiate-dead-peer-detection
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dead-peer-detection interval 10
set services ipsec-vpn rule vpn_rule_ms_4_0_01 term term11 then dead-peer-detection threshold 3
set services ipsec-vpn rule vpn_rule_ms_4_0_01 match-direction input
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 protocol esp
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 encryption-algorithm aes-128-cbc
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_4_0_0 lifetime-seconds 3600
set services ipsec-vpn ipsec policy ipsec_policy_ms_4_0_0 perfect-forward-secrecy keys group2
set services ipsec-vpn ipsec policy ipsec_policy_ms_4_0_0 proposals ipsec_proposal_ms_4_0_0
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 authentication-method pre-shared-keys
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 dh-group group2
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 authentication-algorithm sha1
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 encryption-algorithm aes-128-cbc
set services ipsec-vpn ike proposal ike_proposal_ms_4_0_0 lifetime-seconds 28800
set services ipsec-vpn ike policy ike_policy_ms_4_0_0 mode main
set services ipsec-vpn ike policy ike_policy_ms_4_0_0 proposals ike_proposal_ms_4_0_0
set services ipsec-vpn ike policy ike_policy_ms_4_0_0 pre-shared-key ascii-text "$9$Ss/yMXVb2aGiYgkP5Q9CxNd"
set services ipsec-vpn traceoptions file vpntrace
set services ipsec-vpn traceoptions flag all
set services ipsec-vpn establish-tunnels immediately
set interfaces ge-0/0/0 unit 0 family inet address 74.116.50.69/24
set interfaces si-0/0/0 mtu 1436
set interfaces si-0/0/0 unit 0 family inet
set interfaces si-0/0/0 unit 1 family inet tcp-mss 1379
set interfaces si-0/0/0 unit 1 family inet address 169.254.46.194/32
set interfaces si-0/0/0 unit 1 service-domain inside
set interfaces si-0/0/0 unit 2 family inet tcp-mss 1379
set interfaces si-0/0/0 unit 2 service-domain outside
set routing-instances DSI_AWSVPN instance-type virtual-router
set routing-instances DSI_AWSVPN interface ge-0/0/0.0
set routing-instances DSI_AWSVPN interface si-0/0/0.1
set routing-instances DSI_AWSVPN interface si-0/0/0.2
set routing-instances DSI_AWSVPN routing-options static route 0.0.0.0/0 next-hop 74.116.50.1
set routing-instances DSI_AWSVPN routing-options static route 169.254.46.192/30 next-hop si-0/0/0.1

===========

Cannot ping si-0/0/0.1 interface on other end of tunnel - don't see any ESP traffic going over the link when pinging in the 169.254.46.192/30 range

root@FAUX_AWS_MX> ping 169.254.46.194
PING 169.254.46.194 (169.254.46.194): 56 data bytes
^C
--- 169.254.46.194 ping statistics ---
6 packets transmitted, 0 packets received, 100% packet loss

root@DS_MX> ping routing-instance DSI_AWSVPN 169.254.46.193
PING 169.254.46.193 (169.254.46.193): 56 data bytes
^C
--- 169.254.46.193 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

root@DS_MX>