I'm currently working with a setup where the SA520 is the outward-facing device, performing NAT with a subnet of 192.168.1.x, with a UC540's WAN port connected to one of the LAN ports on the SA520. The UC540 is also performing NAT with a subnet of 192.168.10.x. There is an SF300-24P plugged into the expansion port on the UC540. While plugged in directly to any of the devices, I have static routes set so that I can ping any of the devices on these subnets. This has been tested to work.
I am able to IPsec VPN into the SA520, with the VPN pool on the 192.168.12.x subnet. Once connected I can NOT ping any device on any subnet, nor any websites. Do I need to add a static route or VPN policy somewhere to allow connections from the 192.168.12.x subnet to the other subnets?