You have created your tunnel interface in the untrust zone. Traffic from the trust zone is able to enter the tunnel and pass to the destination. However traffic from a different interface in the untrust zone is not able to pass traffic through the tunnel. You are using a single virtual router. What is causing this problem?
A.
The tunnel is configured with a proxy id that does not include the address from the untrust interface.
B.
Two virtual routers need to be configured.
C.
The routing tables are not correctly configured to allow the traffic from the untrust source to be delivered to the destination.
D.
A policy is needed since intra-zone blocking is on by default in the untrust zone.