Routing thru IPsec tunnel

Question

Hi all, 
 im at the end of all my ideas so im asking for help... 
 
 I have two sites with UTM, working IPsec tunnel. 
 At point A there is Public WAN IP and thru this interface is reachable also subnet 172.20.60.0 which is kind of "management subnet" which i need to reach from site B. 
 in IPsec tunnel settings on site A is in local network specified A site LAN and subnet 172.20.60.0. on site B as remote network site A LAN and 172.20.60.0 network. Tunnel from LAN B to LAN A works fine... 
 But im not able to reach subnet 172.20.60.0 which is behind WAN of site A, i tryied to create SNAT rule where from LAN B, service any, to 172.20.60.0 network, change source to WAN interface (ticked rule applies to IPsec packets) 
 It should look like: B 10.100.200.0 wants to reach 172.20.60.0 
 10.100.200.x -> UTM site B - IPsec tunnel - UTM site A - WAN - 172.20.60.0 
 masquerade rule also did not helped 
 
 Any suggestions appreciated :-) 
 
 Thank you, Vitek

vikino · Accepted Answer

Hi Bob, 
 working tunnel means that all other LAN specified as remote networks are automaticaly routed thru tunnel and each other site was reachable. 
 Yesterday i deleted all rules, SNAT, routing etc. and let only masquerading enabled and gave up searching and testing. After two hours it started to work, without my touch, so the only thing that is nesecary is Masq and that is, so problem solved it self.