
Re: ipsec VPN is up, but not passing data


On tco site, are the external interface and st0 in different routing instances?

If so, you may need to add a route for 192.168.18.0/24 on the routing instance pointing to the inet table.

 

Note: If the external interface is in a custom routing instance at only one site and the traffic is initiated from the other site, we need to make use of rib-groups to make the internal network available in the custom routing instance. Otherwise, the default route in the custom routing instance will match the traffic and the incoming interface itself will be chosen as the outgoing interface. Security policy lookup will be done within the same zone context and packets will be dropped.

If both sites' external interfaces are in custom routing instances, then we need to apply rib-groups at both sites when we need bidirectional communication (traffic initiation from either site). If we need traffic to be initiated from only one site, then the rib-group should be applied at the other site.

 

 

Ref: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21487&actp=search

 

