I wonder if any one has come across this before. We have a customer running an SMB 1400 firewall with remote access VPN users. The customer has a secondary IP address range forwarded to the gateway by the ISP. They currently use this secondary range for external NAT IP's. Because the the secondary range is not defined on the interface configuration or the routing table remote access users are not forwarding traffic through the VPN to the firewall and are instead going via the internet to the secondary IP range.
In a fully managed gateway this would be easy to resolve by adding the secondary IP range into the remote access VPN encryption domain but I do not see that functionality in the locally managed SMB device. Does any one know of a work around for this or is the only answer to go to a fully managed SMB device.