Re: VPN client unable to access 2nd site when connected to first site

Thanks for the clarification.  From your description, this is the policy based VPN that will need to adjust along with the matching pair.

policy vpnpolicy-trust-untrust-cfgr {
                match {
                    source-address [ net-cfgr_10-0-51-0--24 net-cfgr_10-10-11-0--24 ];
                    destination-address [ net-cfgr_10-0-50-0--24 net-cfgr_10-10-10-0--24 ];
                    application any;
                }
                then {
                    permit {
                        tunnel {
                            ipsec-vpn ipsec-vpn-cfgr;
                            pair-policy vpnpolicy-untrust-trust-cfgr;
                        }
                    }
                }
            }

I don't typically do policy VPN, but my memory is that you cannot use groups or multiple address object like this in the policy.  The need to be clean single address object for source and destination on each policy pair.  Which need to correspond to the IPSEC proxy-id pairs you want for each of your phase 2 tunnels.

So you would simply have three policies for this connection:

1. Source: net-cfgr_10-0-51-0--24  Destination: net-cfgr_10-0-50-0--24
2. Source: net-cfgr_10-10-11-0--24 Destination: net-cfgr_10-0-50-0--24
3. Source: net-cfgr_10-0-51-0--24 Destination:  net-cfgr_10-10-10-0--24