We only do inband management due to the shared routing table so I don't know if the loopback filter also affects the vme port. If it does then the firewall filter needs to be updated to have an allow ssh/telnet to the vme0 address before that discard.
set filter1 term vme_access from destination-address 192.168.2.72/32
set filter1 term vme_access from protocol tcp destination-port ssh
set filter1 term vme_access from protocol tcp destination-port telnet
set filter1 term vme_access then accept
set filter1 term block_non-vme protocol tcp destination-port ssh
set filter1 term block_non-vme protocol tcp destination-port telnet
set filter1 term block_non-vme then discard
set filter1 term Default_allow then accept
Personally, I do the above using prefix-lists for ease of deployment.
1) Get vme's address
set policy-statement prefix-list PL-VME apply-path "interfaces vme unit <*> family inet address <*>"
2) Get all addresses assigned to the device; will pick up vme also.
set policy-statement prefix-list PL-MY_ADDRESSES apply-path "interfaces <*> unit <*> family inet address <*>"
3) Use in the filter.
edit firewall family inet
# allow access to the vme address first
set filter1 term vme_access from destination-prefix-list PL-VME
set filter1 term vme_access from protocol tcp destination-port ssh
set filter1 term vme_access from protocol tcp destination-port telnet
set filter1 term vme_access then accept
# now block access to any of my addresses if it wasn't already allowed above
set filter1 term block_non-vme from destination-prefix-list PL-MY_ADDRESSES
set filter1 term block_non-vme protocol tcp destination-port ssh
set filter1 term block_non-vme protocol tcp destination-port telnet
set filter1 term block_non-vme then discard
# last, allow everything else
set filter1 term Default_allow then accept
Benefit of doing it this way is you can pick up that entire configuration and apply it to any other device without having to do -any- modifications on subsequent devices to achieve the same result. If you want to verify what it is doing, use the " | display inheritance" option.
show policy-options prefix-list PL-VME | display inheritance
show policy-options prefix-list PL-MY_ADDRESSES | display inheritance