Resolved With
New Firewall name
set firewall name VPN-IN-OUT default-action 'drop'
set firewall name VPN-IN-OUT rule 1 action 'accept'
set firewall name VPN-IN-OUT rule 1 destination address '...50.0/24'
set firewall name VPN-IN-OUT rule 1 protocol 'icmp'
set firewall name VPN-IN-OUT rule 1 source address '...50.0/24'
set firewall name VPN-IN-OUT rule 2 action 'accept'
set firewall name VPN-IN-OUT rule 2 destination group network-group 'VPN-LAN'
set firewall name VPN-IN-OUT rule 2 destination port '22,23,443'
set firewall name VPN-IN-OUT rule 2 protocol 'tcp_udp'
set firewall name VPN-IN-OUT rule 2 source address '...50.0/24'
set firewall name VPN-IN-OUT rule 3 action 'accept'
set firewall name VPN-IN-OUT rule 3 destination address '...50.0/24'
set firewall name VPN-IN-OUT rule 3 protocol 'icmp'
set firewall name VPN-IN-OUT rule 3 source group network-group 'VPN-LAN'
set firewall name VPN-IN-OUT rule 4 action 'accept'
set firewall name VPN-IN-OUT rule 4 destination address '...50.0/24'
set firewall name VPN-IN-OUT rule 4 protocol 'tcp_udp'
set firewall name VPN-IN-OUT rule 4 source group network-group 'VPN-LAN'
set firewall name VPN-IN-OUT rule 4 source port '22,23,443'
- Interface vti in the same subnet OFFICE + static route to VPN-LAN via vti0