Question
IP Pools and firewall traffic
Just finished pulling my hair out for 3 hours trying to solve a problem. Let me explain: I have an internal subnet 172.18.2.0/24. They never needed the Internet before 2 days ago, so I really didn't look to see if they worked or not. Well, it turns out that the IPSec tunnel I tried to get working didn't work. We couldn't work out why, so we scrapped that in favor of their SSL VPN client/server solution hosted on a workstation/server here. Well, they set it up, installed, and failed to get that working as well.

I started by pinging their peer. It didn't come back. I ran the sniffer from the firewall on the inside port: failure. I sniffed the outside port: success! The firewall was not sending the packets back in! What the hell? I sent a PING from the firewall and got replies. The strange thing was that the PING replies were in 0 ms. This network ain't a Ferrari! That's not right! I ran a traceroute. First hop, it ends.... The FGT is intercepting the traffic.

I looked everywhere until I saw an IP pool that covered the entire 172.18.2.0/24 subnet. I broke it down to the 2 single hosts that needed coverage. After that, everything started working as desired.

An afterthought... maybe this was the same reason the IPSec tunnel didn't work right? Similar symptoms. I could PING out to them, but they couldn't get in to the host here. Just an FYI if you're experiencing weirdness that you can't explain away.
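The check a practitioner would want after reading this: given the `show firewall ippool` output from a FortiGate and the list of internal subnets, flag every pool whose start/end range lands inside an internal subnet and report how many internal addresses it covers. The script below is an added example, not the poster's configuration or anything from Fortinet; the `config firewall ippool` / `edit` / `set startip` / `set endip` layout is the real FortiOS CLI form, but the pool names and addresses are constructed. It assumes that any pool address inside an internal subnet is one the firewall will start answering for itself, which is the behaviour the post describes.

```python
import ipaddress
import re

# Constructed sample of `show firewall ippool` output (hypothetical pool names
# and addresses, not the poster's config). The first pool reproduces the
# mistake in the post: an overload pool spanning the whole internal /24.
SAMPLE_IPPOOL_CONFIG = """
config firewall ippool
    edit "vpn-peer-pool"
        set startip 172.18.2.1
        set endip 172.18.2.254
    next
    edit "web-dmz-pool"
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end
"""

# Constructed version of the fix: two single-host pools for the only hosts
# that actually need to be NATed.
NARROWED_IPPOOL_CONFIG = """
config firewall ippool
    edit "vpn-host-a"
        set startip 172.18.2.10
        set endip 172.18.2.10
    next
    edit "vpn-host-b"
        set startip 172.18.2.11
        set endip 172.18.2.11
    next
end
"""

# Subnets that live behind the firewall; anything a pool claims here is a
# collision. The /24 is the one from the post.
INTERNAL_SUBNETS = [ipaddress.ip_network("172.18.2.0/24")]


def parse_ippools(config_text):
    """Return {pool_name: (start_ip, end_ip)} from FortiOS 'config firewall ippool' text."""
    pools = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r'^edit\s+"?(.+?)"?$', line)
        if m:
            current = m.group(1)
            pools[current] = {}
            continue
        if line == "next":
            current = None
            continue
        if current is not None:
            m = re.match(r'^set\s+(startip|endip)\s+(\S+)$', line)
            if m:
                pools[current][m.group(1)] = ipaddress.ip_address(m.group(2))
    # Only pools with both ends set are meaningful ranges.
    return {
        name: (vals["startip"], vals["endip"])
        for name, vals in pools.items()
        if "startip" in vals and "endip" in vals
    }


def internal_addresses_covered(pool_range, internal_subnets):
    """Count how many addresses of the pool range fall inside any internal subnet."""
    start, end = pool_range
    covered = 0
    for net in internal_subnets:
        lo = max(int(start), int(net.network_address))
        hi = min(int(end), int(net.broadcast_address))
        if hi >= lo:
            covered += hi - lo + 1
    return covered


def audit_ippools(config_text, internal_subnets=INTERNAL_SUBNETS):
    """Return {pool_name: internal_addresses_covered} for pools that collide with internal space."""
    findings = {}
    for name, pool_range in parse_ippools(config_text).items():
        n = internal_addresses_covered(pool_range, internal_subnets)
        if n > 0:
            findings[name] = n
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_IPPOOL_CONFIG), ("after", NARROWED_IPPOOL_CONFIG)):
        print(f"{label}:")
        for name, n in audit_ippools(cfg).items():
            print(f"  pool {name!r} claims {n} internal address(es)")
```

The "before" config reports one pool claiming 254 internal addresses, which is the whole usable /24 and explains why traffic to any host in it terminated at the firewall; the "after" config still reports the two single-host pools, but now each claims exactly one address, so the collision is limited to the hosts that were meant to be NATed. Run this against a fresh `show firewall ippool` dump whenever inside hosts stop receiving return traffic while the outside interface still shows it arriving.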
