hi and again thanks for really good feedback ! comments on points above: 1) i see the routing information, both in the GP client troubleshooting tab, and in windows cmd, and there are no specific route to the 192.168.1.0 range in finland. I could add a static route to test but I am not qiute sure what to set the gateway ip to. I have tried the gateway ip adress for finland 192.168.1.1 and the GP local gw IP 192.168.120.1 locally to a latop but both failed. So I can find the routing information for a GP client, but I am not sure how I can verify if it is pushed by the gateway or not. And where can I add a route to be pushed from the gateway ? 2) both tunels are configured with the same virtual router, and a security zone. there is a policy allowing traffic from the GP zone to the ip range in finland. I cannot choose a tunell interface as a destinaton in a policy, so i allow trafic from the gp zone to the ip range in finland 3) where should I define next hop from GP range 192.168.120.0/24 - I will take a look at the Source NAT option you mantion, maybe this is the solution I am looking for. I will post back how that work out. 4) there seems to be some missing repsonse packets yes, please see my attached pictures, showing ping test, session browser and trafic monitor for both ways, working one way but not the other way 5) In PAFW we use 192.168.120.0/24 only as GP ip range, and there is one listing of this in the virtual router, it looks to me like packets are going through the default route, because it finds no match to a specific routing rule, 6) I do not get the information i need from tracert, it only shows start and end adress and start inbetween, I have attached pictures of ping and tracert tomillustrate my point.
... View more