below config is for a route based VPN and not policy based VPN.
vpn HHCL {
ike {
gateway HHCL;
proxy-identity {
local 172.16.1.0/24;
remote 172.17.203.0/24;
service any;
}
ipsec-policy HHCL;
}
establish-tunnels immediately;
}
vpn ATLAS {
ike {
gateway ATLAS;
proxy-identity {
local 10.10.0.0/16;
remote 10.128.0.128/26;
service any;
}
ipsec-policy ipsec-policy-cfgr;
}
establish-tunnels immediately;
}
}
On policy based VPN proxy-Ids are derived from the source-address /destination-address and application you define on policy.
On route based VPN you have to call the corresponding St0 under VPN config and on policy based VPNs you have to call VPN under security policy.
Policy Based VPN:
https://kb.juniper.net/InfoCenter/index?page=content&id=TN107&smlogin=true&actp=search
Route Based VPN:
https://kb.juniper.net/InfoCenter/index?page=content&id=TN108&smlogin=true&actp=search
Note: Junos version 11.2 is very very old and recommend you to upgrade to any latest 12.1X versions.