SRX

  • 1.  Policy-based VPN between srx210 and Checkpoint R70.1

    Posted 08-01-2013 03:38

    Hello,

    I've set up a policy-based VPN between my SRX210 and a provider's Checkpoint R70. I have no control over it.
    The VPN connection is good, the VPN is established.
    My problem is that the traffic doesn't go through it. The Checkpoint sees in its log that we are sending packets, but it sees our encrypted-domain as 0.0.0.0/0, when it should be the remote network.

    Here are the ipsec security-associations details:

     

    rancid@oyz-fw-01.hq> show security ipsec security-associations detail index 2
    Virtual-system: root
    Local Gateway: x.x.x.x, Remote Gateway: y.y.y.y
    Local Identity: ipv4_subnet(any:0,[0..7]=192.168.213.0/24)
    Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)

     

    Why is my Remote Identity 0.0.0.0/0?

     

    I followed the Juniper tech docs to configure the VPN.

     

    I tried to set the network in the proxy-identity, but when I enable the proxy-identity, my local identity is set to 0.0.0.0/0 too.

     

    Thanks for your help.


    #IPSec
    #srx210
    #policy-based


  • 2.  RE: Policy-based VPN between srx210 and Checkpoint R70.1
    Best Answer

     
    Posted 08-01-2013 07:30

    If multiple objects are configured in a policy for source address, destination address, or application, then the resulting proxy ID will be changed to zeroes.

     

    For example, say the local address is the 192.168.1.0/24 subnet and the remote addresses are 10.10.1.0/24 and 10.10.2.0/24; then the resulting proxy-id is 0.0.0.0 for the remote side.

     

    So you need to create multiple proxy-ids, one for each of the different subnets, by using a single object in a policy for the source address and for the destination address.

     

    Regards,

    Raveen
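    As an added example (not part of this thread, and not Juniper's own tooling), a small Python check that applies the rule given in the answer above to a Junos set-format configuration: it flags tunnel policies that match more than one source-address, destination-address or application object, because those are the policies whose proxy-ID collapses to 0.0.0.0/0. The zone, address, policy and VPN names in the sample config are constructed.

```python
"""Find policy-based VPN policies whose proxy-ID would collapse to
0.0.0.0/0 because a match field lists more than one object."""
import re
from collections import defaultdict

# Constructed sample config (hypothetical names). vpn-out lists two
# destination objects and should be flagged; vpn-out-1 is the fixed form.
SAMPLE_CONFIG = """
set security policies from-zone trust to-zone untrust policy vpn-out match source-address net-local
set security policies from-zone trust to-zone untrust policy vpn-out match destination-address net-remote-1
set security policies from-zone trust to-zone untrust policy vpn-out match destination-address net-remote-2
set security policies from-zone trust to-zone untrust policy vpn-out match application any
set security policies from-zone trust to-zone untrust policy vpn-out then permit tunnel ipsec-vpn vpn-checkpoint
set security policies from-zone trust to-zone untrust policy vpn-out-1 match source-address net-local
set security policies from-zone trust to-zone untrust policy vpn-out-1 match destination-address net-remote-1
set security policies from-zone trust to-zone untrust policy vpn-out-1 match application any
set security policies from-zone trust to-zone untrust policy vpn-out-1 then permit tunnel ipsec-vpn vpn-checkpoint
set security policies from-zone trust to-zone untrust policy web-out match source-address net-local
set security policies from-zone trust to-zone untrust policy web-out match destination-address any
set security policies from-zone trust to-zone untrust policy web-out then permit
"""

POLICY = r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
MATCH_RE = re.compile(POLICY + r"match (source-address|destination-address|application) (\S+)$")
TUNNEL_RE = re.compile(POLICY + r"then permit tunnel ipsec-vpn (\S+)$")


def lint_proxy_ids(config):
    """Return {"<from>-><to> <policy> (<vpn>)": [fields with >1 object]}
    for every policy that permits traffic into an IPsec tunnel."""
    objects = defaultdict(lambda: defaultdict(list))  # policy key -> field -> objects
    tunnels = {}                                      # policy key -> vpn name
    for line in config.splitlines():
        m = MATCH_RE.match(line.strip())
        if m:
            objects[m.group(1, 2, 3)][m.group(4)].append(m.group(5))
            continue
        t = TUNNEL_RE.match(line.strip())
        if t:
            tunnels[t.group(1, 2, 3)] = t.group(4)
    findings = {}
    for key, vpn in tunnels.items():
        # More than one object in any match field -> that side becomes 0.0.0.0/0
        collapsed = sorted(f for f, objs in objects[key].items() if len(objs) > 1)
        if collapsed:
            findings[f"{key[0]}->{key[1]} {key[2]} ({vpn})"] = collapsed
    return findings


if __name__ == "__main__":
    for policy, fields in lint_proxy_ids(SAMPLE_CONFIG).items():
        print(f"{policy}: proxy-ID collapses to 0.0.0.0/0 on {', '.join(fields)}")
```

    Plain permit policies such as web-out are ignored because they do not feed a tunnel, so only the VPN policies that need splitting into one-object-per-field policies are reported.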



  • 3.  RE: Policy-based VPN between srx210 and Checkpoint R70.1

    Posted 08-01-2013 09:02

    Thanks, 

     

    I did something like that and it worked.

    I also changed the global address book to address-sets.

     

    Thanks for your help.