lestopace
Staff
April 11, 2022

Technical Tip: How to allow SSLVPN traffic into a Policy-based IPsec VPN

Description
This article describes how to allow SSLVPN traffic into a policy-based IPsec VPN.

Scope
FortiGate

Solution

1). Add the SSLVPN subnet to the phase-2 tunnel selectors. In this example, the phase-2 selectors are already set to 0.0.0.0/0 on both sides, so there is no need to add the SSLVPN subnet.

[Screenshot lestopace_0-1649474960187.png: phase-2 selectors set to 0.0.0.0/0]

2). Configure the firewall policy for SSLVPN traffic going into the policy-based IPsec VPN. This must be done in the CLI, because the GUI will not save an IPsec-action policy without a user group.

# config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "port5"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "10.56.56.0/24"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set inbound enable
        set vpntunnel "VPN_Tunnel"
    next
end

3). Move the newly created firewall policy above the existing policy that allows traffic from the SSLVPN to the designated outgoing interface, so the two do not conflict. In this case the new policy is ID 36 and it is moved above policy ID 38.

# config firewall policy
    move 36 before 38
end

4). On the remote site, add the SSLVPN subnet to the firewall policy for the policy-based IPsec VPN.

[Screenshot lestopace_1-1649475486487.png: remote-site IPsec firewall policy with the SSLVPN subnet added]

5). Reconnect to the SSLVPN for the changes to take effect.

Note: Depending on the SSLVPN web portal configuration, add the remote subnet to the split-tunnel network list as needed. In this example, split tunneling is disabled.
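As an added example (not part of the original article), the same procedure expressed end to end in FortiOS CLI, together with the split-tunnel variant from the note and a few verification commands. The tunnel name "VPN_Tunnel", the address object "10.56.56.0/24", the interface "port5" and policy IDs 36 and 38 come from the article. The remote-site interface names ("internal", "wan1"), the address objects "SSLVPN_SUBNET" and "HQ_LAN", the SSLVPN client range 10.212.134.0/24, the portal name "full-access", the test host 10.56.56.10 and the use of the same tunnel name on the remote site are assumptions and must be adjusted to the real deployment.

```fortios
# ===== Local FortiGate (terminates the SSLVPN) =====

# Step 1 check: policy-based phase-2 selectors. With 0.0.0.0/0 on both
# sides the SSLVPN subnet is already covered, so nothing is added here.
config vpn ipsec phase2
    edit "VPN_Tunnel"
        set phase1name "VPN_Tunnel"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Step 3 check: the SSLVPN-to-IPsec policy (ID 36) must be listed above
# the generic SSLVPN-to-port5 policy (ID 38), otherwise 38 matches first
# and the traffic leaves port5 in clear text instead of entering the tunnel.
show firewall policy 36
show firewall policy 38

# Note variant: if the web portal uses split tunneling, the remote LAN must
# be in the routing address list or clients never send it into the SSLVPN.
# Portal name "full-access" is assumed.
config vpn ssl web portal
    edit "full-access"
        set split-tunneling enable
        set split-tunneling-routing-address "10.56.56.0/24"
    next
end

# ===== Remote FortiGate (policy-based IPsec peer) =====

# Step 4: address object for the SSLVPN client subnet. 10.212.134.0/24 is
# assumed; use the range actually handed out by SSLVPN_TUNNEL_ADDR1 on the
# local FortiGate.
config firewall address
    edit "SSLVPN_SUBNET"
        set subnet 10.212.134.0 255.255.255.0
    next
end

# Step 4 continued: the remote site's IPsec policy. The SSLVPN subnet is
# added as a second destination so LAN-to-LAN and SSLVPN-client traffic
# are both selected by the same tunnel policy. Interface and object names
# other than "10.56.56.0/24" are assumed.
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "10.56.56.0/24"
        set dstaddr "HQ_LAN" "SSLVPN_SUBNET"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set inbound enable
        set outbound enable
        set vpntunnel "VPN_Tunnel"
    next
end

# ===== Verification (local FortiGate, after step 5) =====

# Confirm the tunnel has an SA, then trace one client packet and check that
# it is matched by policy 36 rather than 38. 10.56.56.10 is an assumed host.
diagnose vpn tunnel list name VPN_Tunnel
diagnose debug flow filter addr 10.56.56.10
diagnose debug flow show function-name enable
diagnose debug flow trace start 10
diagnose debug enable
# ... generate traffic from an SSLVPN client to 10.56.56.10 ...
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
```

The remote-site policy enables both inbound and outbound so that hosts in 10.56.56.0/24 can reach SSLVPN clients and SSLVPN clients can reach the remote LAN; if only one direction is required, leave the other disabled so the tunnel does not carry more than the policy intends.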

 

Results

[Screenshot lestopace_2-1649475790993.png: result after reconnecting to the SSLVPN]

[Screenshot lestopace_3-1649475821501.png: result after reconnecting to the SSLVPN]