Remote IPsec VPN routing to internal LAN devices

Hi Team,

I have created a network on layer 3 with a point-to-point connection from port 3 to the layer 3 switch, which ideally holds my internal network VLANs and devices. On port 3 I have one IP, and on the switch I have another IP (point-to-point connection). I created a static route from port 3 to the switch, which works fine.

The above works very fine. 

I have now tried to access the above from a remote IPsec VPN, which has been a problem for the last 5 days. I have tried reading around and watching videos, but I don't seem to be getting there.

So below is my IPsec config.

The internal zones are as below.

My firewall rules are as per below.

My NAT rule is as per below.

When I try to do a policy check, I get everything green.

When I do a physical connection, the VPN establishes and connects; however, I can't reach the IPs behind the LAN port above, which are in the 10.254.x.x range.

Kindly assist.



[edited by: Erick Jan at 5:17 AM (GMT -7) on 4 Apr 2024]