Hi
Firstly, you have posted encryption keys and passwords onto a public forum. I would suggets that you change these now.
In future I would suggest replacing keys and passwords with XXXXXXX.
Anyway, back to your question.
There are a few things that areincorrect with your config. Sorry.
I would suggest that you create a seperate security zone for the 172.16.200/24 range and you need to assign an IP address from the 172.16.200/24 network to the vlan associated with it.
Currently your config does not know where to send packets for the 172.16.200/24. It is not a connected network range.
I have attached an example config which shows this.
Please change your untrust allowed services. Currently your SRX will accept and/all traffic to the interface/zone. Limit this to the traffic/protocols that you need the SRX to process....EG Dyn-VPN HTTPS/IKE