Site-To-Site VPN does not work for one specific subnet

VPN to site A, open a command prompt and type:

tracert -d 192.168.0.2

You see a list of all the routers the traffic passes through it it's attempt to reach site B (this takes a while to build up). The first hop should be 192.168.10.1 i.e. the router at site A. If the first hop is to your PCs usual default gateway then you need to modify the routing rules on your PC. If the first hop is 192.168.10.1 but the remaining hops time out then you need to modify the router configs.

To expand a bit (bear with me if you already know this stuff!), let's say your PC has IP address 192.168.16.2 and default gateway 192.168.16.1 (you can type ipconfig to get this info). When you ping any address that isn't 192.168.16.xxx the traffic gets routed to your gateway 192.168.1.1.

When you connect the VPN you'll probably get a second IP address 192.168.10.something; in effect the VPN creates a second network card. If you ping 192.168.10.1 (i.e. site A router) this is now a local address so no gateways are involved and the site A router should reply. Now ping 192.168.0.1 (site B router). This address isn't in the local networks for either your real NIC (192.168.16.xxx) or the VPN virtual NIC (192.168.10.xxx) so the packet will go to the default gateway, 192.168.16.1. The default gateway is presumably your ADSL router, so the packet disappear into the Internet and be lost. Hence you can't ping site B.

Now, some VPNs change the default gateway when you connect. In that case the default gateway would be 192.168.10.something so when you ping 192.168.0.xxx the packet should flow through the VPN and you should be able to ping site B.

I seem to have ranted on a bit, however the point is that tracert will quickly tell you where your pings to site B are going and give you a clue as to what's wrong.

JR

Do you have each of the subnets in question defined as VPN subnets in the Sonicwall network object configuration? If you have them classified as LAN or WAN, then your "LAN to VPN" rules won't apply to them even if you have them defined in the VPN tunnel. I'm not sure if this applies to the model you have (ours are TZ17/8/90 and 3060s, but if it is running the SonicOS, I think it does)