set interfaces ge-0/0/0 unit 0 family inet dhcp
set interfaces ge-0/0/1 unit 0 family inet address 192.168.4.1/24
set interfaces st0 unit 0 family inet address 192.168.10.1/24

After configuring the interface addresses, configure the routing options for the SRX device.

set routing-options static route 192.168.100.0/24 next-hop st0.0
set routing-options static route 0.0.0.0/0 next-hop ge-0/0/0

Then configure the security zones, their interfaces, and inbound traffic.

set security zones security-zone untrust tcp-rst
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces st0.0
set security zones security-zone trust tcp-rst
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust interfaces ge-0/0/1.0

Now configure the phase 1 IKE settings.

set security ike proposal P1proposal authentication-method pre-shared-keys
set security ike proposal P1proposal dh-group group2
set security ike proposal P1proposal encryption-algorithm des-cbc
set security ike proposal P1proposal authentication-algorithm sha1
set security ike proposal P1proposal lifetime-seconds 86400
set security ike policy P1policy mode aggressive
set security ike policy P1policy proposals P1proposal
set security ike policy P1policy pre-shared-key ascii-text "p@ssword"
set security ike gateway P1gateway ike-policy P1policy
set security ike gateway P1gateway address 2.2.2.2
set security ike gateway P1gateway dead-peer-detection interval 10
set security ike gateway P1gateway dead-peer-detection threshold 3
set security ike gateway P1gateway local-identity user-at-hostname "bipin@mustbegeek.com"
set security ike gateway P1gateway external-interface ge-0/0/0

After configuring phase 1 IKE, configure the phase 2 IKE settings.

set security ipsec proposal P2proposal protocol esp
set security ipsec proposal P2proposal authentication-algorithm hmac-sha1-96
set security ipsec proposal P2proposal encryption-algorithm des-cbc
set security ipsec proposal P2proposal lifetime-seconds 36000
set security ipsec policy P2policy perfect-forward-secrecy keys group2
set security ipsec policy P2policy proposals P2proposal
set security ipsec vpn site1-to-site2-vpn bind-interface st0.0
set security ipsec vpn site1-to-site2-vpn ike gateway P1gateway
set security ipsec vpn site1-to-site2-vpn ike ipsec-policy P2policy
set security ipsec vpn site1-to-site2-vpn establish-tunnels immediately

Now create security policies to allow traffic from site1 to site2 and vice versa.

set security policies from-zone trust to-zone untrust policy allowALL match source-address any
set security policies from-zone trust to-zone untrust policy allowALL match destination-address any
set security policies from-zone trust to-zone untrust policy allowALL match application any
set security policies from-zone trust to-zone untrust policy allowALL then permit
set security policies from-zone untrust to-zone trust policy fromInternet match source-address any
set security policies from-zone untrust to-zone trust policy fromInternet match destination-address any
set security policies from-zone untrust to-zone trust policy fromInternet match application any
set security policies from-zone untrust to-zone trust policy fromInternet then permit

Note: Make sure that both the remote network 192.168.100.1/24 and the 192.168.10.0/24 network are allowed for incoming traffic on the home network.
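
An added example, not part of the original article: a small Python check that reads `set`-style configuration like the one above and flags what a reviewer would question before production use (DES, DH group 2, SHA-1, aggressive mode, plus `system-services all` and an any-to-any permit on the zone that holds the IKE external interface). The list of flagged values is an assumed baseline, and `audit`, `FLAGGED` and `SAMPLE` are names made up for this example.

```python
from collections import defaultdict

# Values flagged for review: an assumed baseline for this example, not a vendor list.
FLAGGED = {
    "encryption-algorithm": {"des-cbc", "3des-cbc"},
    "authentication-algorithm": {"md5", "sha1", "hmac-md5-96", "hmac-sha1-96"},
    "dh-group": {"group1", "group2", "group5"},
    "keys": {"group1", "group2", "group5"},  # perfect-forward-secrecy keys <group>
    "mode": {"aggressive"},
}
# Subset of the configuration on this page, used as sample input.
SAMPLE = """\
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust interfaces ge-0/0/0.0
set security ike proposal P1proposal encryption-algorithm des-cbc
set security ike policy P1policy mode aggressive
set security ike gateway P1gateway external-interface ge-0/0/0
set security ipsec policy P2policy perfect-forward-secrecy keys group2
set security policies from-zone untrust to-zone trust policy fromInternet match source-address any
set security policies from-zone untrust to-zone trust policy fromInternet match destination-address any
set security policies from-zone untrust to-zone trust policy fromInternet match application any
set security policies from-zone untrust to-zone trust policy fromInternet then permit
"""

def audit(config):
    """Return findings for a Junos 'set'-style configuration given as text."""
    findings, external, open_zones = [], set(), set()
    zone_ifaces, policies = defaultdict(set), defaultdict(dict)
    for line in config.splitlines():
        t = line.split()
        if len(t) < 7 or t[:2] != ["set", "security"]:
            continue
        if t[2] in ("ike", "ipsec") and t[-1] in FLAGGED.get(t[-2], ()):
            findings.append(f"weak-{t[2]}: {t[4]} {t[-2]} {t[-1]}")
        elif t[2:4] == ["ike", "gateway"] and t[5] == "external-interface":
            external.add(t[6])
        elif t[2] == "zones" and t[5] == "interfaces":
            zone_ifaces[t[4]].add(t[6].split(".")[0])  # ge-0/0/0.0 -> ge-0/0/0
        elif t[2] == "zones" and t[5:] == ["host-inbound-traffic", "system-services", "all"]:
            open_zones.add(t[4])
        elif t[2] == "policies" and len(t) > 10 and (t[9] == "match" or t[9:11] == ["then", "permit"]):
            policies[(t[4], t[6], t[8])][t[10]] = t[-1]  # match field -> value, or "permit"
    exposed = {z for z, ifs in zone_ifaces.items() if ifs & external}  # zones facing the IKE peer
    findings += [f"open-zone: {z} system-services all" for z in sorted(exposed & open_zones)]
    keys = ("source-address", "destination-address", "application")
    findings += [f"any-any: {s}->{d} {n}" for (s, d, n), m in policies.items()
                 if s in exposed and "permit" in m and all(m.get(k) == "any" for k in keys)]
    return findings

print(*audit(SAMPLE), sep="\n")
```

The zone and policy checks apply only to zones that contain the interface named as an IKE gateway `external-interface`, so the `trust` zone and the `allowALL` policy from the full configuration are not reported.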