VPN tunnel between two 2860's established and stable. Routing tables as follows:

DIAL IN router: (Bognor)

* 0.0.0.0/ 0.0.0.0 via 81.148.32.1 WAN1
C~ 10.100.3.0/ 255.255.255.0 directly connected LAN1
S 81.143.167.16/ 255.255.255.255 via 81.***.***.*** WAN1
* 81.148.32.1/ 255.255.255.255 via 81.148.32.1 WAN1
C 81.143.167.16/ 255.255.255.248 directly connected LAN7
S~ 192.168.1.0/ 255.255.255.0 via ***.***.***.*** VPN-1

Dial out router: (Grimsby)

* 0.0.0.0/ 0.0.0.0 via 81.148.160.1 WAN1
S 10.100.3.0/ 255.255.255.0 via ***.***.***.*** VPN-1
* 81.148.160.1/ 255.255.255.255 via 81.148.160.1 WAN1
C~ 192.168.1.0/ 255.255.255.0 directly connected LAN1
S 217.35.88.197/ 255.255.255.255 via ***.***.***.*** WAN1

Routing tables look fine to me.

Grimsby (192.168 subnet) can reach all PC's on the Bognor network (10.100 subnet) but Bognor cant reach anything on the Grimsby network:

Tracing route (from Grimsby) to 10.100.3.250 (Bognor) over a maximum of 30 hops

1 <1 ms 1 ms <1 ms Vigor.router [192.168.1.254]
2 31 ms 31 ms 31 ms 10.100.3.254
3 31 ms 32 ms 31 ms 10.100.3.250

Trace complete.

Tracing route from Bognor to 192.168.1.210 (Grimsby) over a maximum of 30 hops

1 <1 ms <1 ms <1 ms Vigor.router [10.100.3.254]
2 31 ms 31 ms 31 ms 192.168.1.254
3 * * * Request timed out.
4 * * * Request timed out.


The fact that the dial out side can access everything on the dial in side indicates to me that the VPN is properly configured but something is stopping traffic getting from the Grimsby router to the PC's on its' subnet. There is no VLAN configured or any routing policies or static routes. Firewalls are disabled.

I'm stumped as to why traffic from the 10.100 network cannot reach the 192.168 network.

Any ideas greatly appreciated.