Hi Juniper experts,
We really need your help as this has been ongoing now for 2 weeks. We have configured another VPN on our SRX firewall; phase 1 and 2 are up, but the host-to-host connection is not working. Our firewall is behind a NAT device, so I suppose NAT-T should be used on this VPN.

In the "show security ipsec security-association index" output, it shows that the local identity (our local subnet) is 0.0.0.0/0 while the remote identity shows the local subnet of the peer site (see output below); on the peer side it also appears as 0.0.0.0/0 for our network. Also, we have another VPN that is working; in the "show security ipsec security-association" output (see below), the working VPN shows port 4500 (for NAT-T) and the VPN that has a problem shows port 500 (standard port for site-to-site). The config of the working VPN and the VPN that is not working are the same.

My questions are: first, is it normal that 0.0.0.0/0 shows in the local identity? And second, does the port being used as 500 affect why we are having a problem on the host-to-host connection? Thanks
root@TechHub-PWSRX550> show security ipsec security-associations index 13 | no-more
ID: 13 Virtual-system: root, VPN Name: gw_ESI_VPN
Local Gateway: 1.1.1.1, Remote Gateway: 2.2.2.2
Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
Remote Identity: ipv4(any:0,[0..3]=167.x.x.164)
Version: IKEv1
show security ipsec security-association
<9 ESP:aes-cbc-256/sha256-96 8c72d9e5 2759/unlim  - root 500  1.1.1.1   (vpn that has problem)
>9 ESP:aes-cbc-256/sha256-96 a114a95b 2759/unlim  - root 500  1.1.1.1
<4 ESP:aes-cbc-256/sha1      34aeca4d 25431/unlim - root 4500 7.7.7.7   (working vpn)
>4 ESP:aes-cbc-256/sha1      4ba94270 25431/unlim - root 4500 7.7.7.7
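The two symptoms in the post (an SA whose brief-table port is 500 rather than 4500, and a Local Identity of 0.0.0.0/0) can be pulled out of the Junos output mechanically. The following is an added example, not code from the original post or from Juniper: it parses the brief `show security ipsec security-associations` table and the per-index detail output, and flags an SA that is still on UDP 500 (meaning NAT-T UDP encapsulation was not negotiated) behind a NAT, and a wildcard proxy ID on the local side. The sample output, the VPN name `vpn-problem`, the addresses, and the `behind_nat` flag are all constructed for the example.

```python
import re
from typing import List

# Constructed sample (not from the original post), modelled on the brief table that
# `show security ipsec security-associations` prints on a Junos SRX:
# direction+ID, algorithm, SPI, lifetime sec/kb, monitor, lsys, port, gateway.
SA_TABLE = """\
  ID    Algorithm                 SPI      Life:sec/kb  Mon lsys Port  Gateway
  <9    ESP:aes-cbc-256/sha256-96 8c72d9e5 2759/ unlim  -   root 500   192.0.2.1
  >9    ESP:aes-cbc-256/sha256-96 a114a95b 2759/ unlim  -   root 500   192.0.2.1
  <4    ESP:aes-cbc-256/sha1      34aeca4d 25431/unlim  -   root 4500  192.0.2.7
  >4    ESP:aes-cbc-256/sha1      4ba94270 25431/unlim  -   root 4500  192.0.2.7
"""

# Constructed sample of the `... index <n>` detail output for SA 9.
SA_DETAIL = """\
  ID: 9 Virtual-system: root, VPN Name: vpn-problem
  Local Gateway: 192.0.2.1, Remote Gateway: 198.51.100.2
  Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
  Remote Identity: ipv4(any:0,[0..3]=198.51.100.164)
  Version: IKEv1
"""

NAT_T_PORT = 4500   # shown once NAT-T (UDP encapsulation) has been negotiated
IKE_PORT = 500      # shown when the SA runs without NAT-T

# One brief-table row: "<9 ESP:... 8c72d9e5 2759/ unlim - root 500 192.0.2.1"
TABLE_RE = re.compile(
    r"^\s*(?P<dir>[<>])(?P<id>\d+)\s+(?P<algo>\S+)\s+(?P<spi>[0-9a-fA-F]+)\s+"
    r"(?P<life_sec>\d+)/\s*(?P<life_kb>\S+)\s+(?P<mon>\S+)\s+(?P<lsys>\S+)\s+"
    r"(?P<port>\d+)\s+(?P<gateway>\S+)\s*$"
)

# Identity as printed by Junos, e.g. ipv4_subnet(any:0,[0..7]=0.0.0.0/0)
IDENT_RE = re.compile(r"^(?P<kind>ipv4_subnet|ipv4|ipv6_subnet|ipv6)\(.*=(?P<value>[^)]+)\)$")


def parse_sa_table(text: str) -> List[dict]:
    """Parse the brief SA table; header and other non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = TABLE_RE.match(line)
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def identity_value(ident: str) -> str:
    """Return the address or prefix inside a Junos identity string."""
    m = IDENT_RE.match(ident)
    if not m:
        raise ValueError(f"unrecognised identity format: {ident}")
    return m.group("value")


def is_wildcard_identity(ident: str) -> bool:
    """True when the proxy ID is the catch-all 0.0.0.0/0 (or ::/0)."""
    return identity_value(ident) in ("0.0.0.0/0", "::/0")


def parse_sa_detail(text: str) -> dict:
    """Pull the fields we care about out of the per-index detail output."""
    patterns = {
        "id": r"ID:\s*(\d+)",
        "vpn_name": r"VPN Name:\s*(\S+)",
        "local_gateway": r"Local Gateway:\s*([^,\s]+)",
        "remote_gateway": r"Remote Gateway:\s*(\S+)",
        "local_identity": r"Local Identity:\s*(\S+)",
        "remote_identity": r"Remote Identity:\s*(\S+)",
        "version": r"Version:\s*(\S+)",
    }
    fields = {}
    for key, pat in patterns.items():
        m = re.search(pat, text)
        if m:
            fields[key] = m.group(1)
    return fields


def diagnose(table_text: str, detail_text: str, behind_nat: bool = True) -> List[str]:
    """Return findings for the SA in detail_text; behind_nat is an operator-supplied assumption."""
    findings = []
    detail = parse_sa_detail(detail_text)
    name = detail.get("vpn_name", "?")
    rows = [r for r in parse_sa_table(table_text) if r["id"] == detail.get("id")]
    if not rows:
        return [f"{name}: SA id {detail.get('id')} not present in the brief table"]
    ports = {r["port"] for r in rows}
    if behind_nat and NAT_T_PORT not in ports:
        findings.append(f"{name}: SA on port {sorted(ports)}, not {NAT_T_PORT}; "
                        "NAT-T encapsulation was not negotiated although a NAT is in the path")
    if is_wildcard_identity(detail["local_identity"]):
        findings.append(f"{name}: local identity is {identity_value(detail['local_identity'])} "
                        f"while remote is {identity_value(detail['remote_identity'])}; "
                        "confirm the peer accepts this proxy ID or configure an explicit proxy-identity")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SA_TABLE, SA_DETAIL):
        print(finding)
```

Run against real output by pasting the two command outputs into `SA_TABLE` and `SA_DETAIL` (or reading them from files); the detail output must be for the same SA index that appears in the brief table, and `behind_nat` should be set to whatever is actually true of the firewall's placement.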