Hi,
Looking at the config, for Site A:
- Tunnel.1 is already in Trust zone. e0/9 is in Trust as well. So, I don't think the policies that you have are being used.
- With this configuration, it would suffice to add another route:
set route 192.168.15.0/24 interface tunnel.1
I have my doubts about Site-B configuration:
- There is no route for 192.168.1.0/24 pointing to tunnel.1 (set route 192.168.1.0/24 interface tunnel.1)
- The address object --> set address "Untrust" "192.168.1.0/32" 192.168.1.0 255.255.255.255. This should ideally be 192.168.1.0 255.255.255.0
That said, for adding 192.168.15.0/24 network to the VPN domain, you will just need 2 more policies @ Site-B - similar to policies 55 and 56. Just replace the 192.168.10.0/24 subnet with 192.168.15.0/24 subnet.
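
The two Site-B checks from the reply above (a remote subnet with no route to tunnel.1, and an address object whose mask is narrower than the subnet it stands for) can be run over a saved config. This is an added example, not part of the original post; the `audit` function, its parameters and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed Site-B style excerpt (not the poster's actual config).
SAMPLE_SITE_B = '''
set address "Untrust" "192.168.1.0/32" 192.168.1.0 255.255.255.255
set address "Trust" "192.168.10.0/24" 192.168.10.0 255.255.255.0
set route 10.0.0.0/8 interface ethernet0/0
'''

# Only the two command forms quoted in the post are parsed.
ROUTE_RE = re.compile(r'^set route (\S+) interface (\S+)', re.M)
ADDR_RE = re.compile(r'^set address "([^"]+)" "([^"]+)" (\S+) (\S+)', re.M)

def audit(config, remote_subnets, tunnel_if="tunnel.1"):
    """Return a list of findings for the given remote (far-side) subnets."""
    findings = []
    expected = [ipaddress.ip_network(s) for s in remote_subnets]

    # Destinations that are routed into the tunnel interface.
    routed = {ipaddress.ip_network(dst, strict=False)
              for dst, ifname in ROUTE_RE.findall(config) if ifname == tunnel_if}
    for net in expected:
        if not any(net.subnet_of(r) for r in routed):
            findings.append(f"missing route: set route {net} interface {tunnel_if}")

    # Address objects that cover only part of a subnet they should represent,
    # e.g. a host mask (255.255.255.255) on a /24 network address.
    for zone, name, ip, mask in ADDR_RE.findall(config):
        obj = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        for net in expected:
            if obj != net and obj.subnet_of(net):
                findings.append(f'address "{name}" in zone "{zone}" covers {obj}, '
                                f"expected {net} (mask {net.netmask})")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_SITE_B, ["192.168.1.0/24"]):
        print(line)
```

A policy built on the too-narrow object matches only the single address 192.168.1.0, so the rest of the subnet is not covered by that policy even once the route is in place.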