IPSEC Site-to-Site can't access all remote networks

Sounds like you're missing firewall rules for ingress and egress traffic

I have 2 rules that allow any service from NYC networks to Texas network and vice versa

Any Layer 3 switches in the mix? Are you using VLAN tagging at all? Is the default gateway of each LAN the UTM?

Texas is an inherited network. All unmanaged switches. Each LAN is a physically plugged into Ethernet ports on the UTM. They all show up as green interfaces. Do I set those interfaces default ipv4 gateway to 10.1.0.1 (the UTM address?) They are forced to be in uplink balancing if so.

I don't believe so. Each default gateway should match the LAN interface they're connected to... so the 10.1.2.0/24 network gateway should be 10.1.2.1 (if the last octet is set to 1 for your gateways), so and so. The routing between the networks should all be handled by the UTM.

Yeah that's how I have it. Internally at Texas they can ping eachother but from the NYC office, I can only ping 10.1.0.0/24 network and not the other ones, trying to fix that and I'm lost.

I think in this instance the firewall log will be your friend. Monitor your firewall log while you're trying to ping one of the non-responding networks in Texas and vice versa.  What does it say? Can you post a screenshot of your firewall rules?

Also, you may want to consider moving those UTM 9s to XG software.  I've been using the XG platform for several months now and it's a much nicer interface, to me, than the UTM 9 software.

I appreciate this suggestion but I don't feel I need to switch to XG to fix this. I need to establish more ipsec connections to Texas and I need them to reach printers on the 10.1.1.0/24 network, I can't even seem to get it working from the 1 ipsec I have.

I need help :(

Something more interesting.

If I do a continuous ping to a machine on the 10.1.1.0/24 network, I get about 30-40 timed out requests and then I start getting replies. Once I see replies and try to ping the 10.1.0.0/24 network then I get timeouts...until 30 or 40 of them and then I get replies. So it seems like I can ping only 1 network at any given time and have to push continuous pings to start getting replies from other networks. Tried this with 10.1.2.0/24 network and the same thing. How can I get immediate replies from each when pinging them?

Check to see if you have NAT Traversal enabled on the site-to-site VPN connection. If so, try disabling it.

It was enabled on both ends, disabling it on either and all sides did not resolve the issue.

It was enabled on both ends, disabling it on either and all sides did not resolve the issue.

Hi Christopher and welcome to the UTM Community!

Rather than use manual "Any" firewall rules, I prefer to use 'Automatic firewall rules' in the IPsec Connections.  I would leave NAT-T enabled on both sides.

Does doing #1 in Rulz give any insight into what is causing this mystery?

Cheers - Bob