I'd tackle the problem in phases. Start simple. My first step after establishing the tunnel would be to ping the IP-address of your MX. I'd also try to make sure that it actually is the MX responding by accessing the local web page. Once that works, work your way from there. Try pinging the Juniper. If it's not working, setup port mirroring and a packet capture on the interface of the Juniper and have a look at what's going on. If nothing arrives, then there's something wrong with the routing on your MX. If something arrives, but no reponse is sent, something is wrong in the Juniper. Then move to a device in one of the subnets of the Juniper and repeat the process. Things to keep in mind: Software firewalls on devices are often configured not to respond to pings originating from outside their own subnet, make sure you change those settings. Make sure your routing is always correct in both directions. Beware of duplicate subnets.
... View more