Hello,
@mkwmike1 wrote:
We have a number of J6350 routers deployed. On some of them, IPsec tunnels are configured under the [edit security] hierarchy using st0 interfaces, which are using the "bind-interface" statement within the vpn config.
This is JUNOS-ES config style. JUNOS-ES (Enhanced Services) is the flavor of JUNOS first introduced on J-series in parallel with regular JUNOS, then JUNOS-ES made its way to SRX too. And regular JUNOS on J-series is now EOL (latest regular JUNOS supported on J-series is 9.3R4.4). Regular JUNOS on J-series is also referred to as "legacy services JUNOS".
@mkwmike1 wrote:
On other routers, IPsec tunnels are configured under the [edit services] hierarchy using sp-0/0/0 interfaces. In the latter, next-hop service sets are used.
This is regular JUNOS config style. It is supported on M/T-series (MS-PIC hardware is required on M/T-series), MX (MS-DPC is required) and J-series with "legacy services"/regular JUNOS 9.3R4.4 or earlier.
HTH
Thanks
Alex