Scenario.
A cluster of SRXs has interface reth0.222 with IP 192.168.222.1/27.
In the same network we have an SSL VPN MAG6611 with internal IP 192.168.222.30/27 and multiple servers on 192.168.222.4,5,6.../27 IP addresses.
The SRXs have an IPsec VPN to a branch office with some servers at IP addresses 192.168.223.6,7,8/24.
Clients connected to the SSL VPN receive an IP from the MAG device in the scope from 10.10.10.26/24 to 10.10.10.126/24.
Routing.
The SSL VPN has only one static route, to the default gateway, which is the SRX cluster on the reth0.222 interface -> 192.168.222.1.
Servers in 192.168.222.0/27 have only a default gateway in static routing to the same address as the MAG -> 192.168.222.1.
Problem.
VPN clients can access the servers in the branch office without any problem. All protocols work fine.
VPN clients can send ICMP or connect using WWW to the servers in the 192.168.222.0/27 network.
VPN clients can't connect to servers from 192.168.222.0/27 using RDP or SMB protocols, BUT if the client on the computer connected with the SSL VPN first sends ICMP to some server from 192.168.222.0/27, after the first ICMP reply it can connect to this server using RDP, SMB, ...
After some time (more seconds) if ICMP is not being sent and RDP is not active, the possibility to connect using RDP, SMB disappears again.
Solution - not completely.
If we add on some server from 192.168.222.0/27 a static route like this:
10.10.10.0/24 next-hop 192.168.222.30
the problem disappears and RDP, SMB, ... work fine without ICMP.
We checked ARP on the SRX and on the MAG and it looks fine.
I understand that there is some fundamental problem in our solution, so please help me understand in which place routing does not work properly and how to rebuild this to eliminate this problem in a systematic way.
View of network attached.
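To see which hops each direction of a client-to-server flow takes with and without the server-side static route, here is a small longest-prefix-match model of the topology from the post, written as an added example and not part of the original post. The node names, the "lan"/"vpn" interface labels, the server address 192.168.222.4 and the SRX route to the VPN pool via the MAG are assumptions (the last one because the post says VPN clients reach the branch through the SRX).

```python
import ipaddress

# Constructed model of the post's topology (names, interface labels, the server
# address 192.168.222.4 and the SRX route to the VPN pool are assumptions).
def build_nodes(server_static_route):
    nodes = {
        "srx":    {"addrs": {"192.168.222.1": "reth0.222"},
                   "routes": [("192.168.222.0/27", None, "reth0.222"),
                              ("10.10.10.0/24", "192.168.222.30", "reth0.222")]},
        "mag":    {"addrs": {"192.168.222.30": "lan"},
                   "routes": [("192.168.222.0/27", None, "lan"),
                              ("10.10.10.0/24", None, "vpn"),
                              ("0.0.0.0/0", "192.168.222.1", "lan")]},
        "server": {"addrs": {"192.168.222.4": "lan"},
                   "routes": [("192.168.222.0/27", None, "lan"),
                              ("0.0.0.0/0", "192.168.222.1", "lan")]},
    }
    if server_static_route:  # the post's workaround: 10.10.10.0/24 next-hop 192.168.222.30
        nodes["server"]["routes"].append(("10.10.10.0/24", "192.168.222.30", "lan"))
    return nodes

def lookup(routes, dst):
    """Longest-prefix match: (next hop, or None if connected; egress interface)."""
    best = None
    for prefix, nh, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, iface)
    return (best[1], best[2]) if best else (None, None)

def owner(nodes, ip):
    """Node holding `ip` and the interface it sits on; (None, None) if unmodelled."""
    for name, node in nodes.items():
        if str(ip) in node["addrs"]:
            return name, node["addrs"][str(ip)]
    return None, None

def trace(nodes, src, dst_ip):
    """Forward from node `src` hop by hop; returns ([nodes visited], hairpin node or None)."""
    dst = ipaddress.ip_address(dst_ip)
    node, ingress, path, hairpin = src, None, [], None
    while node is not None:
        path.append(node)
        if str(dst) in nodes[node]["addrs"]:
            break  # delivered to the destination host
        nh, egress = lookup(nodes[node]["routes"], dst)
        if egress is None:
            break  # no route at this node
        if ingress is not None and ingress == egress:
            hairpin = node  # forwarded back out the interface it arrived on
        node, ingress = owner(nodes, nh if nh is not None else dst)
    return path, hairpin
```

Tracing mag -> 192.168.222.4 gives ["mag", "server"], while server -> 10.10.10.50 gives ["server", "srx", "mag"] with the SRX hairpinning on reth0.222; with the static route the return path becomes ["server", "mag"], so the two directions take the same hops.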