VPN endpoint can't see another VPN endpoint on a different subnet.
Hope someone can point us in the right direction here.
In summary, we have multiple VPN endpoints, and they cannot see each other.
We have a 192.168.250.0/24 subnet which has a tunnel to our HQ (10.10.0.0/16), and we also have a tunnel from 10.1.1.0/24 to our HQ. Both can see the HQ, and the HQ can see both VPN endpoints, but the endpoints can't see each other.
When running tracert from one subnet to the other, it appears to work as expected initially: it hits our layer 3 core switch at HQ and then times out.
If we check the firewall, we see the following...
2020-03-15 15:53:43 Deny 192.168.250.53 10.1.1.115 icmp 20-WAN VLAN Firebox ip spoofing sites 92 19 (Internal Policy) proc_id="firewall" re="101" msg_id="3000-0148"
Hope I've made this clear enough, I've tried various things with no luck.
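As an added example, not code from the original post: a Python check that parses the quoted Firebox deny line and compares the denied source/destination pair against a hypothetical model of the HQ tunnel routes, reporting which tunnel carries one end of the flow but has no route for the other end. The tunnel names and the route model are assumptions for illustration, not WatchGuard configuration syntax.

```python
import ipaddress
import re

# Constructed sample: the one Firebox deny line quoted in the post (quotes normalised).
SAMPLE_LOG = [
    '2020-03-15 15:53:43 Deny 192.168.250.53 10.1.1.115 icmp 20-WAN VLAN Firebox '
    'ip spoofing sites 92 19 (Internal Policy) proc_id="firewall" re="101" msg_id="3000-0148"',
]

# Hypothetical model (not WatchGuard config): tunnel name -> networks it carries at HQ.
TUNNELS = {
    "bovpn-site-a": [ipaddress.ip_network("192.168.250.0/24"), ipaddress.ip_network("10.10.0.0/16")],
    "bovpn-site-b": [ipaddress.ip_network("10.1.1.0/24"), ipaddress.ip_network("10.10.0.0/16")],
}

# Leading fixed fields of a Firebox traffic line; interface names may contain spaces,
# so everything after the protocol is kept as free text and searched for the reason.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<action>\w+) "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<proto>\w+) (?P<rest>.*)$"
)


def parse_deny(line):
    """Return src/dst/proto of a Deny line, flagging IP-spoofing denies; None otherwise."""
    m = LOG_RE.match(line)
    if not m or m.group("action") != "Deny":
        return None
    return {"src": m.group("src"), "dst": m.group("dst"), "proto": m.group("proto"),
            "spoof": "ip spoofing sites" in m.group("rest")}


def missing_tunnel_routes(src_ip, dst_ip, tunnels):
    """List tunnels that carry one end of the flow but have no route for the other end."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    carries_src = {n for n, nets in tunnels.items() if any(src in net for net in nets)}
    carries_dst = {n for n, nets in tunnels.items() if any(dst in net for net in nets)}
    if carries_src & carries_dst:
        return []  # some tunnel carries both ends, so the hub can forward spoke to spoke
    return ([f"{n} has no route for {dst_ip}" for n in sorted(carries_src)]
            + [f"{n} has no route for {src_ip}" for n in sorted(carries_dst)])


def audit(lines, tunnels):
    """Spoofing denies whose src/dst pair is not covered by any single tunnel at HQ."""
    findings = []
    for line in lines:
        rec = parse_deny(line)
        if rec and rec["spoof"]:
            gaps = missing_tunnel_routes(rec["src"], rec["dst"], tunnels)
            if gaps:
                findings.append((rec["src"], rec["dst"], gaps))
    return findings
```

Running `audit(SAMPLE_LOG, TUNNELS)` reports the 192.168.250.53 -> 10.1.1.115 deny with both tunnels lacking a route for the far end; once a tunnel carries both networks the finding disappears.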