SRX5308 Multi-homing working strangely

Hello,

I have an SRX5308 configured to be the gateway for our local network. DHCP is disabled on the Netgear firewall, and is taken care of by a Windows Server 2012 R2 domain controller instead.

Recently, we've run into an issue where we are running out of IP addresses. I decided to solve this problem by creating a Superscope on the local DHCP server.

Scope 1 (original): 10.1.50.x

Subnet: 255.255.255.0

Gateway (SRX5308): 10.1.50.254

Scope 2 (new scope): 10.1.60.x

Subnet: 255.255.255.0

Gateway (SRX5308): 10.1.60.254 (added as a secondary IP via LAN Multi-homing)

Scope 3 (remote scope in a remote location, connected via IPSec VPN): 10.1.51.x

Subnet: 255.255.255.0

Gateway (FVS336GV2): 10.1.51.254

If I am leased out an IP address on the original scope of 10.1.50.x, I have no issues. I can connect to the internet, and I can reach any server (including remote servers over the IPSec VPN).

If I am leased out an IP address on the new secondary scope of 10.1.60.x, I have random issues. Although I can connect to the internet, and I can reach SOME of the servers on the 10.1.50.x scope... I can't reach all of them. For example, I cannot reach 10.1.50.20 (an ESXi host), but I can reach 10.1.50.5 (the DHCP domain controller). I can ping both gateways (10.1.50.254 and 10.1.60.254), but I cannot ping or reach any of the servers in the remote location (10.1.51.x). One user reported to me that he could not connect to one of his client sites via VPN if he was on the 10.1.60.x scope.

What's going on here? There are no firewall rules on either side to only allow a specific scope to reach specific servers.