Second phase 2 entry not working on mobile IPSec tunnel

  • Hello all. I followed this document to set up a mobile IPSec tunnel.

    Everything works as expected with the single phase 2 entry for the LAN subnet ( When I added a second phase 2 entry for LAN2 (, nothing seems to change on my client. I can still get to LAN, but not LAN2. The second phase 2 entry is just a copy of the first with the "local network" changed. My firewall rule for the IPSec zone is set to allow all traffic.

    Is there something I am missing? In the doc, "Add additional phase 2 entries for additional local networks if necessary" made it seem like all I needed to do was add the second entry and everything else should stay the same.