Channel: All SRX Services Gateway posts

Re: Routed Subnet


I popped together a quick config..... Hopefully not missed anything..... Will point you in the right direction though

 

1: Interface configuration:
 
set interfaces (interface) unit 0 description (give it an intuitive name)
set interfaces (interface) unit 0 family inet address (first address in WAN subnet)
set interfaces (interface) unit 0 description (give it an intuitive name)
set interfaces (interface) unit 0 family inet address (first address in Customer Subnet)
 
2: Create two routing instances:
 
set routing-instances WAN_Subnet instance-type virtual-router
set routing-instances Customer_Subnet instance-type virtual-router
 
3: Place interfaces in correct VR:
 
set routing-instances WAN_Subnet interface (created in step 1)
set routing-instances WAN_Subnet interface lt-0/0/0.1
set routing-instances Customer_Subnet interface (created in step 1)
set routing-instances Customer_Subnet interface lt-0/0/0.2
 
4: Create the security zones and place interfaces in here:
 
set security zones security-zone WAN_Subnet host-inbound-traffic system-services all
set security zones security-zone WAN_Subnet host-inbound-traffic protocols all
set security zones security-zone WAN_Subnet interface (WAN interface from step 1)
set security zones security-zone WAN_Subnet interface lt-0/0/0.1
set security zones security-zone Customer_Subnet host-inbound-traffic system-services all
set security zones security-zone Customer_Subnet host-inbound-traffic protocols all
set security zones security-zone Customer_Subnet interface (Customer interface from step 1)
set security zones security-zone Customer_Subnet interface lt-0/0/0.2
 
5: Create the logical tunnels (pick an address range (/30) and use it) (you may have to configure these before applying to the VR and zone):
 
set interfaces lt-0/0/0 unit 1 description To-customer-VR
set interfaces lt-0/0/0 unit 1 encapsulation ethernet
set interfaces lt-0/0/0 unit 1 peer-unit 2
set interfaces lt-0/0/0 unit 1 family inet address 192.168.10.1/30
set interfaces lt-0/0/0 unit 2 description To-WAN-VR
set interfaces lt-0/0/0 unit 2 encapsulation ethernet
set interfaces lt-0/0/0 unit 2 peer-unit 1
set interfaces lt-0/0/0 unit 2 family inet address 192.168.10.2/30
 
6: Create the address book entries (in global for now):
 
set security address-book global address WAN-Subnet 10.10.10.0/29
set security address-book global address Customer_subnet 10.1.0.0/27
 
7: Create the required policies:
 
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side match source-address WAN-Subnet
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side match destination-address Customer_subnet
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side match application any
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side then permit
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side then log session-init
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side1 match source-address Customer_subnet
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side1 match destination-address WAN-Subnet
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side1 match application any
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side1 then permit
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy WAN-Side1 then log session-init
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side match source-address Customer_subnet
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side match destination-address WAN-Subnet
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side match application any
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side then permit
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side then log session-init
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side1 match source-address WAN-Subnet
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side1 match destination-address Customer_subnet
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side1 match application any
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side1 then permit
set security policies from-zone Customer_Subnet to-zone Customer_Subnet policy Customer-Side1 then log session-init
 
If you want the configuration for IS-IS then I can supply that, but you have to create ISO addresses and another loopback for the two VRs.
 
I'm pretty sure I haven't missed anything, but being busy at work I rushed it a little....
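
An added example (not part of the original post): a small Python check for set-style configs like the one above. It flags routing instances, zones and address-book names that are referenced but never defined (Junos names are case-sensitive, so WAN_subnet and WAN_Subnet are different objects) and zones that accept all host-inbound traffic. The sample config and the finding codes are constructed for illustration.

```python
# Constructed sample in the style of the post (not the poster's exact lines).
SAMPLE = """\
set routing-instances WAN_Subnet instance-type virtual-router
set routing-instances WAN_subnet interface lt-0/0/0.1
set security zones security-zone WAN_Subnet host-inbound-traffic system-services all
set security zones security-zone WAN_Subnet interface lt-0/0/0.1
set security address-book global address WAN-Subnet 10.10.10.0/29
set security address-book global address Customer_subnet 10.1.0.0/27
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy P1 match source-address WAN_subnet
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy P1 match destination-address Customer_subnet
set security policies from-zone WAN_Subnet to-zone WAN_Subnet policy P1 then permit
"""

def lint(config):
    """Return sorted (line_no, code, name) findings for Junos 'set' commands."""
    # Names that exist: typed routing instances, zones, address-book entries
    # (plus the predefined "any" addresses).
    defined = {"ri": set(), "zone": set(), "addr": {"any", "any-ipv4", "any-ipv6"}}
    refs, findings = [], []  # refs: (line_no, kind, name) seen in use
    for no, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if len(t) < 5 or t[0] != "set":
            continue
        if t[1] == "routing-instances":
            if t[3] == "instance-type":
                defined["ri"].add(t[2])
            else:
                refs.append((no, "ri", t[2]))
        elif t[1:4] == ["security", "zones", "security-zone"]:
            defined["zone"].add(t[4])
            # "all" opens every service/protocol to the box itself on this zone.
            if t[5:6] == ["host-inbound-traffic"] and t[-1] == "all":
                findings.append((no, "host-inbound-all", t[4]))
        elif t[1:5] == ["security", "address-book", "global", "address"] and len(t) > 5:
            defined["addr"].add(t[5])
        elif t[1:4] == ["security", "policies", "from-zone"] and len(t) > 6:
            refs += [(no, "zone", t[4]), (no, "zone", t[6])]
            if t[-2] in ("source-address", "destination-address"):
                refs.append((no, "addr", t[-1]))
    # Resolve references after the whole config is read, so order does not matter.
    for no, kind, name in refs:
        if name not in defined[kind]:
            findings.append((no, "undefined-" + kind, name))
    return sorted(set(findings))

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
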
