> When I try to do a ping or otherwise on the remote firewalls to the head
> office lan, I get a 'no route to host' error which implies that the IPSec vpn
> policy route which can be seen in the 'route show' is not being used as the
> source IP of the ping/payload is not going to have the firewalls internal LAN
> address to match the policy route etc..
Perhaps you've created flows from our LAN network range only? If so, for a ping to work, you need to specify the local IP, like

  ping -I 192.168.1.1 192.168.2.1

Make sure you originate the traffic from an IP included in the flow specification.
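To see why the source address decides whether a policy-based IPsec flow carries the ping, here is an added example (not code from this thread or from any firewall vendor) that models traffic-selector matching with Python's ipaddress module; the flow table and the 203.0.113.1 WAN address are constructed for illustration, while 192.168.1.1 and 192.168.2.1 are the addresses used in the reply.

```python
"""Model how a policy-based IPsec flow selects traffic by source and destination.

Added illustration, not code from the thread. The flow table and addresses
below are constructed: 192.168.1.0/24 stands for the remote firewall's LAN,
192.168.2.0/24 for the head-office LAN, and 203.0.113.1 for the firewall's
own WAN address (the default source of a ping run from the firewall).
"""
import ipaddress
import shlex

# A flow (traffic selector) only carries packets whose source falls in
# local_net AND whose destination falls in remote_net.
FLOWS = [
    {"local_net": "192.168.1.0/24", "remote_net": "192.168.2.0/24"},
]

def match_flow(flows, src, dst):
    """Return the first flow whose selectors cover (src, dst), else None."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for flow in flows:
        if (src_ip in ipaddress.ip_network(flow["local_net"])
                and dst_ip in ipaddress.ip_network(flow["remote_net"])):
            return flow
    return None

def pick_source(flows, dst, candidate_srcs):
    """Choose the first candidate source address that lets dst ride a flow.

    A ping sourced from the WAN address matches no selector, so it is routed
    normally and fails; an address inside local_net matches and is tunnelled.
    """
    for src in candidate_srcs:
        if match_flow(flows, src, dst) is not None:
            return src
    return None

def ping_command(flows, dst, candidate_srcs):
    """Build a ping invocation with an explicit source (-I), or return None
    when no candidate source is covered by any flow."""
    src = pick_source(flows, dst, candidate_srcs)
    if src is None:
        return None
    return "ping -I %s %s" % (shlex.quote(src), shlex.quote(dst))

if __name__ == "__main__":
    # Default ping from the firewall uses its WAN address: no flow matches.
    print(match_flow(FLOWS, "203.0.113.1", "192.168.2.1"))
    # Forcing the LAN address as the source makes the selector match.
    print(ping_command(FLOWS, "192.168.2.1", ["203.0.113.1", "192.168.1.1"]))
```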

