XG Firewall and offsite AD Domain controller (site to site vpn) AD authentication ssl vpn

Question

One of our clients is using a sophos xg friewall on the LAN and authenticates users via AD on the LAN. The DC is offsite in a datacenter and connected via IPSec site to site vpn. 
 
 We are trying to setup ssl vpn for the clients who need to access files on the LAN when traveling. 
 We would like to use AD authentication for the vpn users, so we do not need to add local users to the XG. 
 
 When I try to test the server connection from the XG it fails and also the import of domain users from the AD server fails. 
 I can reach the server from the LAN and we also enabled unencrypted PAP on the auth server for testing, no luck. Is there something we need to add/allow on the datacenter site were the server is behind (neverfail provides the server)? 
 Thanks a lot, Best 
 Martin

LuCar Toni · Answer

I can simply explain the issue here. 
 
 You have a local network A and a remote network b on the other site of your VPN. 
 
 XG will build up a route von local network A to remote network B. So basically everything works fine in this scenario. But xg does not build up a route for itself. So all modules, which tries to reach the remote network B does not know, it has to take the VPN tunnel to reach it. 
 So you will add the route by defining both CLI commends on your XG to teach XG how to reach the remote network B. 
 So basically you do not have to do anything on the Datacenter site. Those commands have to deployed on the remote site.