Hello J,
This can be thought in terms of dependencies of one configuration part on the other. In JunOS, you will not be able to remove a section that is referred in other parts of the configuration.
Let's take a look at the sections in your configuration and try to identify the reference points:-
1. Tunnel Interfaces (st0) Unit Inet Config
=> It does NOT refer to any other section. Therefore, deleting other sections have NO impact on this section. But it may have been referred in "security ipsec vpn ", routing-options and security zones.
2. a ) IKE (Proposals/Policies/Gateways )
=> IKE refers external-interface name in the gateway. Other than that, Gateway refers IKE policy and IKE policy refers Ike Proposals.
b ) IPSEC (Proposals/Policies/VPN)
=> IPSEC vpn hierarchy refers st0 interface and ike gateway. Policy/Proposal hierarchies are have same references as IKE.
3. Security Zones Defined
=> Security zones are generally referred in security policies and NAT rules.
4. Routing Instances (VRF) - Static Routes
=> Routing-Instances and their static routes refer interfaces (like st0.0 ) or next-hop. But they are not referred in any other configuration parts. Therefore deleting them should be one of the easiest thing but note that it will change the routing table on the device.
Based on the above understanding, I would consider the following : -
- Delete IKE/IPSEC as they are NOT referred anywhere else. If you are deleting one stanza at a time and committing, start in the following order: -
- Delete IPSEC VPN first.
- Delete IKE gateway second.
- You can delete rest of the IKE/IPSEC at your will as without the VPN/Gateway combination, the VPN is already down.
- Deleted Routing-instances/static route (referecing st0 interface).
- Delete the security zone alongwith any policies and NAT rules referring to this security zone.
- Delete the st0 interface. (Assuming all the VPNs referring to this one are deleted.)
Hopefully I have not missed any section which you wanted to delete.
Thanks!