set interfaces gr-0/0/0.0 tunnel source 172.16.30.1 set interfaces gr-0/0/0.0 tunnel destination 172.16.30.2 set interfaces gr-0/0/0.0 family inet address 172.16.30.5/30 set security zones security-zone DMZ interfaces gr-0/0/0.0 host-inbound-traffic system-services ping set security zones security-zone VPN host-inbound-traffic system-services any-service set security zones security-zone DMZ host-inbound-traffic protocols ospf set protocols ospf area 0 interface gr-0/0/0.0 set protocols ospf area 0 interface fe-0/0/5.0 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match source-address 10.100.100.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match source-address 10.200.200.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match destination-address 10.200.200.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match destination-address 10.100.100.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match application any set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ then permit set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ then log session-init set interfaces gr-0/0/0.0 tunnel source 172.16.30.2 set interfaces gr-0/0/0.0 tunnel destination 172.16.30.1 set interfaces gr-0/0/0.0 family inet address 172.16.30.6/30 set security zones security-zone DMZ interfaces gr-0/0/0.0 host-inbound-traffic system-services ping set security zones security-zone VPN host-inbound-traffic system-services any-service set security zones security-zone DMZ host-inbound-traffic protocols ospf set protocols ospf area 0 interface gr-0/0/0.0 set protocols ospf area 0 interface fe-0/0/5.0 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match source-address 10.100.100.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match source-address 10.200.200.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match destination-address 10.200.200.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match destination-address 10.100.100.0/24 set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ match application any set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ then permit set security policies from-zone DMZ to-zone DMZ policy DMZ_to_DMZ then log session-init