You have created your tunnel interface in the untrust zone. Traffic from the trust zone is able
to enter the tunnel and pass to the destination. However, traffic from a different interface in
the untrust zone is not able to pass traffic through the tunnel. You are using a single virtual
router. What could be causing this problem?
A. Two virtual routers need to be configured.
B. A policy is needed since intra-zone blocking is on by default in the untrust zone.
C. The tunnel is configured with a proxy id that does not include the address from the untrust
   interface.
D. The routing tables are not correctly configured to allow the traffic from the untrust source
   to be delivered to the destination.