From SiteA, I send vendor network traffic out 77.77.77.78 to the vendor router 77.77.77.77, and it’s working fine.
SiteA and SiteB are talking across the vpn tunnel just fine.
From SiteB, I’m trying to cross from the vpn zone to the untrust zone on the vendor connection to hit those networks.
At SiteA I have my vpn-to-trust/trust-to-vpn for back and forth with SiteB, but I also added a vpn-to-untrust/untrust-to-vpn so SiteB can now ping 77.77.77.78 (77.77.77.77 doesn’t respond to pings).
At SiteB, I have a security policy allowing trust-to-vpn and vpn-to-trust. But I’m confused about the routing here. Should I route the vendor networks to tunnel.1? Or how do I tell them to cross tunnel.1 and use the 77.77.77.77 next-hop off the SiteA router?
Quick Image for reference: https://imgur.com/a/pYCdDoa
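Added example, not part of the original post: a small longest-prefix-match model of the two sites' forwarding tables, tracing where a SiteB packet for a vendor address goes with and without a SiteB route for that prefix pointing at tunnel.1. Everything except 77.77.77.77/.78 is assumed for illustration (the vendor prefix 10.200.0.0/16, the site LANs, the /30 on the vendor link, and the interface names are hypothetical); the point it shows is only how route lookup behaves, not the poster's actual configuration.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    nexthop: Optional[str] = None  # None for connected or point-to-point (tunnel) routes


class Router:
    """Minimal forwarding table for one virtual router: longest prefix match wins."""

    def __init__(self, name: str, routes: list[Route]):
        self.name = name
        # Most specific prefix first, so the first match is the longest match.
        self.routes = sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)

    def lookup(self, dst: str) -> Optional[Route]:
        addr = ipaddress.ip_address(dst)
        for r in self.routes:
            if addr in r.prefix:
                return r
        return None


# Hypothetical addressing (the post only names 77.77.77.77 and 77.77.77.78).
VENDOR_NET = "10.200.0.0/16"     # assumed vendor prefix reachable behind 77.77.77.77
VENDOR_LINK = "77.77.77.76/30"   # assumed mask on the SiteA <-> vendor router link
VENDOR_GW = "77.77.77.77"
SITEA_LAN = "192.168.1.0/24"
SITEB_LAN = "192.168.2.0/24"


def site_a() -> Router:
    """SiteA already reaches the vendor nets via the vendor router (per the post)."""
    return Router("SiteA", [
        Route(ipaddress.ip_network(SITEA_LAN), "ethernet1/2"),              # trust
        Route(ipaddress.ip_network(SITEB_LAN), "tunnel.1"),                 # vpn to SiteB
        Route(ipaddress.ip_network(VENDOR_LINK), "ethernet1/3"),            # untrust, 77.77.77.78 local
        Route(ipaddress.ip_network(VENDOR_NET), "ethernet1/3", VENDOR_GW),  # vendor nets via .77
        Route(ipaddress.ip_network("0.0.0.0/0"), "ethernet1/1", "198.51.100.1"),  # assumed ISP
    ])


def site_b(route_vendor_via_tunnel: bool) -> Router:
    """SiteB with, or without, a static route for the vendor prefix out tunnel.1."""
    routes = [
        Route(ipaddress.ip_network(SITEB_LAN), "ethernet1/2"),   # trust
        Route(ipaddress.ip_network(SITEA_LAN), "tunnel.1"),      # vpn to SiteA
        Route(ipaddress.ip_network("0.0.0.0/0"), "ethernet1/1", "203.0.113.1"),  # assumed ISP
    ]
    if route_vendor_via_tunnel:
        routes.append(Route(ipaddress.ip_network(VENDOR_NET), "tunnel.1"))
    return Router("SiteB", routes)


def trace(start: Router, tunnel_peers: dict[str, Router], dst: str) -> list[str]:
    """Follow forwarding decisions hop by hop; a tunnel.1 route hands the packet to the peer."""
    path: list[str] = []
    router = start
    for _ in range(8):  # bounded so a misconfigured loop cannot run forever
        r = router.lookup(dst)
        if r is None:
            path.append(f"{router.name}: no route to {dst}")
            return path
        via = f" via {r.nexthop}" if r.nexthop else ""
        path.append(f"{router.name}: {str(r.prefix)} -> {r.interface}{via}")
        if r.interface == "tunnel.1" and router.name in tunnel_peers:
            router = tunnel_peers[router.name]
            continue
        return path
    path.append("forwarding loop")
    return path


if __name__ == "__main__":
    peers = {"SiteB": site_a(), "SiteA": site_b(True)}
    for has_route in (False, True):
        print(f"SiteB vendor route via tunnel.1: {has_route}")
        for hop in trace(site_b(has_route), peers, "10.200.5.5"):
            print("  ", hop)
```

Without the extra route, SiteB's lookup for a vendor address falls through to its own default route and the packet leaves SiteB's untrust interface, never entering the tunnel; with the prefix routed to tunnel.1 it reaches SiteA, where the existing route sends it to 77.77.77.77. The model covers only the outbound direction: for replies to arrive, the vendor router needs a return route for whatever source addresses leave 77.77.77.78, or SiteA has to source-translate SiteB traffic to an address the vendor side already routes. That return-path point is a general routing requirement, not something the post establishes.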