Hello again... Since there seems to be no interest in this so far, maybe I should post more details. Please take a look:
This is the result of my new configuration:
show configuration
/* Junos release string reported by the device. NOTE(review): confirm this release still receives vendor security fixes. */
version 15.1X49-D40.6;
/* System-level settings: hostname, root and local-user credentials, and the management services that are enabled. */
system {
host-name SRX-A;
root-authentication {
/* "$5$" is the SHA-256 crypt format. The value looks shorter than a full SHA-256 crypt hash, so it may have been redacted before posting; if it is the real hash, it is now open to offline guessing and the root password should be changed. */
encrypted-password "$5$WKwMrnNm$f1VrRjjlrmUTd0"; ## SECRET-DATA
}
login {
/* Local account in class super-user, i.e. full administrative rights on the device. */
user zibuti {
uid 2000;
class super-user;
authentication {
/* Same caveat as the root hash above: rotate this password if the posted hash is not redacted. */
encrypted-password "$5$6TFVefSw$ekfBxyUwQQIkXY0TKhF3fyoLRcVX6"; ## SECRET-DATA
}
}
}
services {
/* SSH is the only management service enabled in this stanza, with default options. NOTE(review): no root-login restriction is set here; consider "root-login deny" so that root cannot log in over SSH. */
ssh;
}
}
/* Security stanza: IKE phase 1, IPsec phase 2, address book, inter-zone policies and zone definitions for a route-based site-to-site VPN bound to st0.0. */
security {
ike {
/* Phase 1 proposal: pre-shared-key authentication, DH group5, SHA-256, AES-256-CBC, 3600-second lifetime. */
proposal IKE-PROP {
authentication-method pre-shared-keys;
/* group5 is the 1536-bit MODP group and the weakest element of this proposal. NOTE(review): prefer group14 or stronger; the change must be made on both peers at the same time. */
dh-group group5;
authentication-algorithm sha-256;
encryption-algorithm aes-256-cbc;
lifetime-seconds 3600;
}
policy IKE-POL {
/* Main mode. No IKE version is set on the gateway below, so presumably IKEv1 is in use - confirm against the peer. */
mode main;
proposals IKE-PROP;
/* "$9$" is Junos's reversible obfuscation format, not a one-way hash. Because this value was posted publicly, treat the pre-shared key as disclosed and replace it on both peers. */
pre-shared-key ascii-text "$9$w/2ZmCuOBREcyl"; ## SECRET-DATA
}
/* Remote peer 66.66.77.88, reached through the PPPoE interface pp0.0. */
gateway IKE-GW {
ike-policy IKE-POL;
address 66.66.77.88;
/* NOTE(review): pp0.0 obtains its address by negotiation (see the interfaces stanza). With main mode and a pre-shared key the remote side normally identifies this device by source IP, so confirm the peer is configured for the address this side actually receives. */
external-interface pp0.0;
}
}
ipsec {
/* Phase 2 proposal: ESP with HMAC-SHA-256-128 integrity and AES-256-CBC encryption, 3600-second lifetime. */
proposal IPSEC-PROP {
protocol esp;
authentication-algorithm hmac-sha-256-128;
encryption-algorithm aes-256-cbc;
lifetime-seconds 3600;
}
policy IPSEC-POL {
/* PFS is enabled, using the same 1536-bit group5 as phase 1; raise it together with the IKE proposal if that is changed. */
perfect-forward-secrecy {
keys group5;
}
proposals IPSEC-PROP;
}
/* Route-based VPN bound to tunnel interface st0.0; the tunnel is brought up as soon as the configuration is committed rather than on first traffic. */
vpn IPSEC-VPN {
bind-interface st0.0;
/* vpn-monitor is enabled with no options set, so default monitoring parameters apply. */
vpn-monitor;
ike {
gateway IKE-GW;
ipsec-policy IPSEC-POL;
}
establish-tunnels immediately;
}
}
/* Global address book: the local LAN (Network-A) and the remote LAN (Network-B). */
address-book {
global {
address Network-A 10.1.1.0/24;
address Network-B 10.2.2.0/24;
}
}
policies {
/* Local LAN to remote LAN through the tunnel zone. NOTE(review): "application any" permits every protocol and port, and no logging is configured; narrow the applications if possible and add session logging for visibility. */
from-zone trust to-zone VPN {
policy Trust-to-VPN {
match {
source-address Network-A;
destination-address Network-B;
application any;
}
then {
permit;
}
}
}
/* Reverse direction, equally broad: any application from the remote LAN is permitted into the local LAN, so the remote site is fully trusted by this policy. */
from-zone VPN to-zone trust {
policy VPN-to-Trust {
match {
source-address Network-B;
destination-address Network-A;
application any;
}
then {
permit;
}
}
}
}
zones {
/* Internet-facing zone on pp0.0. Only IKE is accepted as traffic addressed to the device itself; no other management service is exposed on this interface. */
security-zone untrust {
host-inbound-traffic {
system-services {
ike;
}
}
interfaces {
pp0.0;
}
}
/* LAN zone on ge-0/0/0.0. */
security-zone trust {
host-inbound-traffic {
system-services {
/* NOTE(review): "all" accepts every system service from the LAN. Prefer listing only what is needed (for example ssh and ping) so that a compromised LAN host has less to reach on the firewall. */
all;
}
}
interfaces {
ge-0/0/0.0;
}
}
/* Tunnel zone holding st0.0. No host-inbound-traffic is configured, so nothing addressed to the SRX itself is accepted over the tunnel. */
security-zone VPN {
interfaces {
st0.0;
}
}
}
}
/* Interface definitions: LAN port, PPPoE underlay and logical PPPoE interface, management port, and the VPN tunnel interface. */
interfaces {
/* LAN interface; placed in the trust zone by the security stanza. */
ge-0/0/0 {
unit 0 {
family inet {
address 10.1.1.254/24;
}
}
}
/* Physical port carrying the PPPoE session; it has no IP address of its own. */
ge-0/0/1 {
unit 0 {
encapsulation ppp-over-ether;
}
}
/* fxp0 takes its address from DHCP. NOTE(review): confirm which network this port is attached to, since it is not assigned to any zone in the visible configuration. */
fxp0 {
unit 0 {
family inet {
dhcp;
}
}
}
/* Logical PPPoE client interface; used as the IKE external interface and as the default-route next hop. */
pp0 {
unit 0 {
ppp-options {
chap {
/* "$9$" is Junos's reversible obfuscation format, not a one-way hash. This value was posted publicly, so treat the PPPoE CHAP secret as disclosed and have it changed. */
default-chap-secret "$9$I4XRyeLX1LX-Y4ZM8wgoaiH"; ## SECRET-DATA
local-name "zibuti@SRX-A";
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/1.0;
/* idle-timeout 0 with auto-reconnect 5: presumably the session is never dropped for inactivity and is retried after 5 seconds - confirm against the Junos documentation for this release. */
idle-timeout 0;
auto-reconnect 5;
client;
}
family inet {
/* 1492 leaves room for the 8-byte PPPoE header inside a 1500-byte Ethernet frame. */
mtu 1492;
/* The IP address is assigned by the provider during PPP negotiation, so it is not fixed in this configuration. */
negotiate-address;
}
}
}
/* Secure tunnel interface bound to IPSEC-VPN and placed in the VPN zone. */
st0 {
unit 0 {
family inet {
address 10.11.11.10/24;
}
}
}
}
/* Static routing: default route out of the PPPoE interface, remote LAN through the tunnel interface. */
routing-options {
static {
route 0.0.0.0/0 next-hop pp0.0;
/* NOTE(review): if st0.0 goes down, this route presumably becomes inactive and traffic for 10.2.2.0/24 would follow the default route toward pp0.0. No trust-to-untrust policy is visible in this listing, so it should be dropped; re-check this if such a policy is added later, so that inter-site traffic cannot leave unencrypted. */
route 10.2.2.0/24 next-hop st0.0;
}
}
/* Access profile named "ppp" that uses local password authentication. It is not referenced by any statement visible in this listing. */
access {
profile ppp {
authentication-order password;
}
}