Channel: All SRX Services Gateway posts

Re: Dynamic VPN client can only access some protected resources?


Ok, so I've added a new policy of:

 

from-zone Internet to-zone Cameras {
    policy Dynamic-VPN {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                tunnel {
                    ipsec-vpn Dynamic-VPN;
                }
            }
            log {
                session-init;
                session-close;
            }
            count;
        }
    }
}

Now the dyn-vpn clients can access both the Trusted and Camera zones at the PHV site. However, after adding the policy below for the dyn-vpn clients to access the VPN zone to access the DSQ site, I'm not able to connect to the other site yet.

 

from-zone Internet to-zone VPN {
    policy Dynamic-VPN {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                tunnel {
                    ipsec-vpn Dynamic-VPN;
                }
            }
            log {
                session-init;
                session-close;
            }
            count;
        }
    }
}

I've made sure the SRX in the remote site allows the dyn-vpn client IP range (10.5.0.0/28) in the VPN to Trusted policy, but no luck.

