FortiGate.

To add a new subnet in the phase2 selector of a custom tunnel, there are 2 approaches:

1. If the phase 2 selector is specified as a named address, a group of addresses adds a new subnet to the existing group if a separate/another phase 2 selector is not wished.
2. Add a new phase 2 selector.

Follow the steps below for both methods: 

1. Adding a subnet to an existing group: 

If the tunnel looks like the following, do not create a separate phase2 selector: 

In the image below, it is possible to see how the address group looks with the existing settings.

The 'VPNCustomLocal' and 'VPNCustomremote' are the address groups used in this example VPN tunnel: 

It is possible to add the new subnet address to the existing group, either remote or local, and select OK. If the static route and firewall policy also have the same group, it will be updated. Enable 'static route configuration' on the address and address group objects to select the 'VpnCustomlocal' address group in the static route.

2. Add a new phase 2 selector:

To add a new phase 2 selector, go to VPN -> IPsec Tunnel and select to edit the tunnel.

On Phase 2 Selectors, locate the Add button as shown in the screenshot below, and add the new subnet as the selector, then select OK to save the new settings:

If there is no 'Add' button as above, it means that it was created by the wizard.

There are two ways to accomplish this task, which is converting from the wizard mode to custom on the GUI or changing it from the CLI with the command:

config vpn ipsec phase1-interface
  edit <tunnel name>
    set wizard-type custom
  next
end

Or create an address object with the subnet, which is required in phase2, and add it to the group 'VpnCustomloca' or 'VpnCustomremote'.

Related article: 

Technical Tip: Static routes with address objects or groups