Sophos SSL VPN Over IPsec

Question

So I have a customer with all remote stores have a IPSec VPN tunnels back to HQ where the POS system is. One of the stores, they have a local server also. With some of the people at the stores working remotely, users need to SSL VPN into a store to access that server, and they also need to access the POS system at HQ. I have created an SSL VPN at the Store and then added the IP subnet of that SSL VPN to the IPSec VPN Tunnel. HQ does have 2 internet connections and so does the store, so the IPSec VPN Tunnel does have 4 VPN connections with a failover group. So all the routing should be in place, but when I VPN into Store and try to do a traceroute out to the HQ server, it does make it pass the Store. I think I might need a persistent route or something, but I don&rsquo;t know how to over the VPN Tunnels or which site needs it. 
 
 HQ 
 Lan Subnet 192.168.1.0/24 
 
 Store 
 Lan Subnet 192.168.25.0/24 
 SSL VPN Subnet 10.82.25.0/24

FormerMember · Accepted Answer

Hi Carlos Carrasquillo 
 If the IPsec tunnel has been connected successfully with SSL VPN subnet, please ensure there is VPN to VPN firewall rule on the firewall that SSL VPN users connects. 
 Please follow this KB Article for reference : Sophos XG Firewall: How to configure access for SSL VPN remote users over an IPsec VPN 
 If you decides to follow KB Article provided by Keyur you have to remove the SSL VPN subnet from the IPsec configuration and add system routes for each tunnels. 
 Thanks,

Carlos Carrasquillo · Answer

Thanks, apparently I overlooked since they already had VPN firewall rules but they were broken down into two firewall rules for in and out. I deleted those and combined them into 1 rule and traffic started to flow. 
 Thanks 
 Carlos