IPsec and routing
-
I have a problem with traffic being routed correctly, and I need some help to be pointed in the right direction.
I have a co-location, main location and employee VPN.
The co-location (192.168.1.0/24) is connected to the main location (10.0.0.0/16) through an IPsec connection. The employee VPN network (172.16.162.0/24), is hosted on an appliance.
Co-location gw ip: 192.168.1.1.
Main location gw ip: 10.0.0.1, 172.16.1.1.
VPN appliance ip: 172.16.1.2.
172.16.1.1/24 is a communications network between the main gw and the VPN appliance.
I'm able to ping from 192.168.1.10 (Host on co-location) to 10.0.0.100 (Host on main location).
I'm unable to ping from 192.168.1.10 (Host on co-location) to 172.16.1.1 or 172.16.1.2 (main gateway and VPN appliance on VPN network), nor any host on 172.16.162.0/24.
I'm able to ping from 172.16.162.3 (VPN host) to 10.0.0.100 (Host on main location).
I'm unable to ping from 172.16.162.3 (VPN host) to 192.168.1.10 (Host on co-location).
I'm unable to ping from 172.16.1.1 (main location gateway, vpn interface) to 192.168.1.10 (Host on co-location).
So some configuration is wrong.
Question is, if it's purely in the routing table, or do I need to add some more subnets in the phase 2 settings of the IPsec?
My phase 2 settings are as follows:
Local Network: 10.0.0.0/16
Remote network: 192.168.1.0/24
I have a static route configured on the main gateway, 172.16.162.0/24, gw: 172.16.1.2.
Thanks!
-
IPsec does not add anything to the routing table. Stop messing with routing tables. And of course with none of the 172.16.x.x networks configured in IPsec, this won't work.
P.S. Instead of describing your setup in a rather convoluted way, produce a network diagram.
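To make the answer's point concrete, here is an added example (not from either poster, not from any appliance) that treats the phase 2 selectors as an IPsec SPD and checks each ping from the question against it. The extended selector set is an assumption about what would need to be added on the co-location side; the main gateway would have to mirror it, and the 172.16.162.3 to 10.0.0.100 test is omitted because that path never enters the tunnel.

```python
from ipaddress import ip_address, ip_network

# Phase 2 traffic selectors exactly as described in the question,
# seen from the co-location side: (local_network, remote_network).
PHASE2_AS_CONFIGURED = [
    (ip_network("192.168.1.0/24"), ip_network("10.0.0.0/16")),
]

# Assumed extension: also cover the gateway/appliance transit network and
# the employee VPN network, so their traffic is eligible for the tunnel.
PHASE2_EXTENDED = PHASE2_AS_CONFIGURED + [
    (ip_network("192.168.1.0/24"), ip_network("172.16.1.0/24")),
    (ip_network("192.168.1.0/24"), ip_network("172.16.162.0/24")),
]


def selector_matches(src: str, dst: str, selectors) -> bool:
    """True if the (src, dst) pair falls inside some phase 2 pair in either
    direction. A packet outside every selector is never encapsulated, no
    matter what the routing table says, which is the failure in the question."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in selectors:
        if (s in local and d in remote) or (s in remote and d in local):
            return True
    return False


def check_pings(selectors) -> dict:
    """Evaluate the tunnel-crossing ping tests from the question against a
    selector set; key is 'src->dst', value is whether phase 2 covers it."""
    tests = [
        ("192.168.1.10", "10.0.0.100"),   # works today
        ("192.168.1.10", "172.16.1.1"),   # fails today
        ("192.168.1.10", "172.16.1.2"),   # fails today
        ("172.16.162.3", "192.168.1.10"), # fails today
        ("172.16.1.1", "192.168.1.10"),   # fails today
    ]
    return {f"{s}->{d}": selector_matches(s, d, selectors) for s, d in tests}


if __name__ == "__main__":
    for name, sel in (("as configured", PHASE2_AS_CONFIGURED),
                      ("extended", PHASE2_EXTENDED)):
        print(name)
        for pair, ok in check_pings(sel).items():
            print(f"  {pair}: {'covered' if ok else 'NOT covered by phase 2'}")
```

Every test that fails in the question is exactly one that the configured selectors do not cover, which is what the answer is pointing at.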