You want to configure a VPN in transparent mode.
Configure a policy-based VPN, and anchor the tunnel on the
set ike gateway "gateway-b" ip 192.168.2.100 outgoing-zone "V1-Untrust" preshare juniper sec-level standard
set ike gateway "gateway-b" nat-traversal
set vpn "gateway-b" gateway "gateway-b" sec-level standard
set vpn "gateway-b" monitor optimized rekey
Then, configure a tunnel policy, referencing L2 zones:
set policy id 1 from "V1-Trust" to "V1-Untrust" "192.168.1.0/24" "192.168.2.0/24" "ANY" tunnel vpn "gateway-b" log
set policy id 2 from "V1-Untrust" to "V1-Trust" "192.168.2.0/24" "192.168.1.0/24" "ANY" tunnel vpn "gateway-b" log
An often-asked question is whether a VPN can be used to bridge a network between firewalls. The answer is "not really" because a VPN does not forward ARP queries via the IP Security (IPSec) tunnel. (You can, however, bridge networks over the tunnel if the two firewalls are directly connected via the same L2 link so that ARPs can be exchanged in the clear outside the tunnel.) VPN in transparent mode can still be useful.
To understand how VPN in transparent mode works, one has to understand how policy-based VPN works. With policy-based VPN, a tunnel policy is configured between two zones. If traffic is passing those two zones and it matches the policy, packets are encrypted over the configured VPN tunnel and sent to the configured remote Internet Key Exchange (IKE) gateway. ...
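The following consistency check for the tunnel-policy configuration above is an added example, not part of the original text or of ScreenOS. It verifies that each tunnel policy references a defined VPN and IKE gateway, uses L2 zones, and has a mirrored policy for the opposite direction. The function names, the zone-name prefixes used to recognize L2 zones, and the mirrored-policy requirement (inferred from the two policies shown above) are assumptions.

```python
import shlex
# Constructed sample: the configuration shown above, one command per line.
SAMPLE_CONFIG = '''
set ike gateway "gateway-b" ip 192.168.2.100 outgoing-zone "V1-Untrust" preshare juniper sec-level standard
set ike gateway "gateway-b" nat-traversal
set vpn "gateway-b" gateway "gateway-b" sec-level standard
set vpn "gateway-b" monitor optimized rekey
set policy id 1 from "V1-Trust" to "V1-Untrust" "192.168.1.0/24" "192.168.2.0/24" "ANY" tunnel vpn "gateway-b" log
set policy id 2 from "V1-Untrust" to "V1-Trust" "192.168.2.0/24" "192.168.1.0/24" "ANY" tunnel vpn "gateway-b" log
'''

# Assumption: L2 zones are recognized by name (predefined "V1-", custom "L2-").
L2_PREFIXES = ("V1-", "L2-")

def parse(config):
    """Collect IKE gateways, VPN-to-gateway bindings and tunnel policies."""
    gateways, vpns, policies = set(), {}, []
    for line in config.splitlines():
        tok = shlex.split(line)  # shlex strips the double quotes around names
        if tok[:3] == ["set", "ike", "gateway"] and "ip" in tok:
            gateways.add(tok[3])
        elif tok[:2] == ["set", "vpn"] and len(tok) > 4 and tok[3] == "gateway":
            vpns[tok[2]] = tok[4]
        elif tok[:3] == ["set", "policy", "id"] and "tunnel" in tok and len(tok) > 13:
            # set policy id N from ZONE to ZONE SRC DST SERVICE tunnel vpn NAME
            policies.append({"id": tok[3], "from": tok[5], "to": tok[7],
                             "src": tok[8], "dst": tok[9], "svc": tok[10],
                             "vpn": tok[tok.index("vpn") + 1]})
    return gateways, vpns, policies

def audit(config):
    """Return a list of findings; an empty list means the checks passed."""
    gateways, vpns, policies = parse(config)
    keys = {(q["from"], q["to"], q["src"], q["dst"], q["svc"], q["vpn"]) for q in policies}
    findings = []
    for p in policies:
        if p["vpn"] not in vpns:
            findings.append(f"policy {p['id']}: vpn {p['vpn']!r} is not defined")
        elif vpns[p["vpn"]] not in gateways:
            findings.append(f"policy {p['id']}: gateway {vpns[p['vpn']]!r} has no ip")
        for zone in (p["from"], p["to"]):
            if not zone.startswith(L2_PREFIXES):
                findings.append(f"policy {p['id']}: zone {zone!r} is not an L2 zone")
        # The return direction must match with zones and addresses swapped.
        if (p["to"], p["from"], p["dst"], p["src"], p["svc"], p["vpn"]) not in keys:
            findings.append(f"policy {p['id']}: no mirrored policy for return traffic")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "tunnel policies are consistent")
```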