SSG-140 - DialUP-VPN, Problems accessing remote tunnel destination from mobile

  • Hi everybody,

    my Firewall itself has two active interfaces (the public interface e.g. x.x.x.x and the private one,  Furthermore there is an active site-to-site VPN configured between the SSG and another hardware firewall device (the subnet is behind the “other hardware firewall”). On the SSG there is a static route for which are needed to reach the subnet from the SSG trust zone. So far so good, the mobile VPN is working so far, I am able to ping all active machines within the subnet (trust).

    I’ve created the DialUP-VPN-Setup on behalf of those documents:

    So far so good, but now comes the problem. I want to access addresses within from the dialup-vpn-client. Therefore I’ve duplicated the Policy for the network. Traffic from the mobile Client initiates the VPN, it’s successfully established. For accessing another Remote Subnet at the same time I’ve followed those instructions:
    Well, Traffic to also initiates the VPN, it’s also successfully established. But the traffic to is denied by the newly created policy. I’ve attached an Image.

    I have no clue why the policy denies traffic to

    Any help is appreciated.

    Thank you,
    Bildschirmfoto 2012-10-17 um 13.53.54.png