
Re: Policy based vpn up but no traffic


Hi,

Sorry, I'm not really sure which configuration you would like to see (see attachment for the configuration).

Phase 1 and 2 are set up like in the book.

Forward and reverse policies are set up with tunnel as the action.

We have configured "source nat OFF" for destination against the resources on the other side of the VPN, and we have a source NAT interface rule as the second rule.

The only thing I'm kind of worried about is that we have to limit the communication between the systems on each side of the VPN.

We need to open for certain IPs across the VPN.

On the SRX side there is 1 server with 4 network cards, so we need to open traffic from all of these, and on the Zyxel side there is 1 IP address which needs to communicate with these 4 IPs.

As far as I know, local and remote ID are derived from the forward/reverse policy and are overwritten by it even if configured under IKE. But that should not matter, as the tunnel is UP anyway?

Server-IPs is an address-set with 4 individual "addresses" containing 4 IPs for the local system.

We don't have control over the remote firewall systems, but I have seen some screenshots of the configuration applied.

I'm not familiar with Zyxel's way to configure VPN.

