
Route to additional network behind remote VPN

Hi Guys,

Please see the network diagram before I start to describe my issue:

We are using SG2x0 to control access (by hostname) to 192.168.100.x - everything works fine from the local LAN.
There's a remote site and they are able to access everything in the local LAN - if I open https://192.168.1.254:4444 from 192.168.102.200 I can access Sophos.

The problem starts when I want to access 192.168.100.x from the 192.168.102.x network. It seems the SG115 is trying to route via the external interface rather than the VPN tunnel.


What do I need to configure on the SG115 in IPsec to allow 192.168.102.x to connect to 192.168.100.x via the VPN tunnel?

 



This thread was automatically locked due to age.
  • Perhaps I'm thinking too simply, but you have to add the network 192.168.100.x to your remote gateway on the SG115 (Site-to-site VPN -> Remote Gateways) so the SG115 is allowed to route the subnet to your VPN tunnel.

     

    Robert

  • I assume your tunnel has a single SA that looks like:

    192.168.102.0/24={SG public IP}<-->{Cisco public IP}=192.168.1.0/24

    In that case, make a Static Gateway Route in the SG:

    192.168.100.0/24 via 192.168.1.254

    There are other solutions, but this is the easiest given this situation.  Better would be to do as poero suggests and add 192.168.100.0/24 to the tunnel in both the SG and the Cisco, but that assumes the Cisco already "knows" that that subnet is behind the SG 2x0.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
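
The selector behaviour both replies rely on, as an added example that is not part of the original thread: a policy-based IPsec tunnel only carries packets whose source and destination match a negotiated local/remote network pair, and everything else follows the normal routing table out the external interface. The function names and the host 192.168.100.10 are constructed for illustration, and the rule that a pair only comes up when the peer defines its exact mirror is a simplifying assumption.

```python
from ipaddress import ip_address, ip_network

# Addressing taken from the thread
REMOTE_LAN = "192.168.102.0/24"   # behind the SG115
MAIN_LAN = "192.168.1.0/24"       # main site LAN
EXTRA_LAN = "192.168.100.0/24"    # additional network behind the main site


def selectors(local_nets, remote_nets):
    """Expand a gateway's local/remote network lists into (local, remote) pairs."""
    return {(ip_network(l), ip_network(r)) for l in local_nets for r in remote_nets}


def negotiated(side_a, side_b):
    """Assumption: a pair is established only if the peer defines its mirror image."""
    return {(l, r) for (l, r) in side_a if (r, l) in side_b}


def egress(src, dst, sas):
    """'tunnel' if src/dst match an established pair, otherwise 'external'."""
    s, d = ip_address(src), ip_address(dst)
    return "tunnel" if any(s in l and d in r for l, r in sas) else "external"


def scenario(sg115_remote_nets, peer_local_nets):
    """Where traffic from 192.168.102.200 leaves the SG115 for two destinations."""
    sg115 = selectors([REMOTE_LAN], sg115_remote_nets)
    peer = selectors(peer_local_nets, [REMOTE_LAN])
    sas = negotiated(sg115, peer)
    # 192.168.100.10 is a constructed host in the additional network
    return {dst: egress("192.168.102.200", dst, sas)
            for dst in ("192.168.1.254", "192.168.100.10")}


if __name__ == "__main__":
    cases = {
        "as posted (single pair)": ([MAIN_LAN], [MAIN_LAN]),
        "subnet added on SG115 only": ([MAIN_LAN, EXTRA_LAN], [MAIN_LAN]),
        "subnet added on both ends": ([MAIN_LAN, EXTRA_LAN], [MAIN_LAN, EXTRA_LAN]),
    }
    for name, (remote_nets, peer_nets) in cases.items():
        print(f"{name}: {scenario(remote_nets, peer_nets)}")
```

The middle case shows why the subnet has to be added on both gateways: a selector defined on one end alone never becomes an established pair, so the traffic still leaves via the external interface.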