IPSEC - multiple nets.

So, I have Site A and Site B

Site A: 10.0.1.0/24
Site B: 10.0.2.0/24 & 10.0.3.0/24

I can create an IPSEC policy between the sites. Like:
10.0.1.0/24 <=> 10.0.2.0/24
10.0.1.0/24 <=> 10.0.3.0/24
Both come up fine.

I then create a RAW rule - no track, for traffic as such:

notrack 10.0.1.0/24 → 10.0.2.0/24
notrack 10.0.1.0/24 → 10.0.3.0/24
notrack 10.0.2.0/24 → 10.0.1.0/24
notrack 10.0.3.0/24 → 10.0.1.0/24

And no traffic flows to either net…

If I disable one of the Site B nets… Traffic flows.

In a nutshell, I can get the sites connected, and traffic flow, but only to ONE of Site B’s nets at a time. I can’t get both running at the same time.

Any ideas what I am missing?

Solved - Each IPSEC policy must be set as unique when you have multiple subnets on the remote site.
Edit the policy - Action tab - Level: unique

I can now happily send traffic to/from both remote subnets.
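
The fix above in CLI form for Site A, as an added example that is not part of the original post. It assumes MikroTik RouterOS v6.44 or later, a hypothetical peer entry named `site-b`, and the `prerouting` chain for the notrack rules.

```routeros
# Added example; "site-b" is a hypothetical peer name that must already
# exist under /ip ipsec peer. Subnets are the ones given in the post.

# Two tunnel-mode policies to the same peer. level=unique makes each policy
# use an SA of its own; the default level is "require".
/ip ipsec policy
add peer=site-b tunnel=yes action=encrypt level=unique \
    src-address=10.0.1.0/24 dst-address=10.0.2.0/24
add peer=site-b tunnel=yes action=encrypt level=unique \
    src-address=10.0.1.0/24 dst-address=10.0.3.0/24

# If the policies already exist, switch them in place instead
# (CLI form of "Edit the policy - Action tab - Level: unique"),
# then flush the installed SAs so they are renegotiated per policy.
/ip ipsec policy set [find peer=site-b] level=unique
/ip ipsec installed-sa flush

# The four notrack rules from the post. The prerouting chain is an
# assumption; it covers forwarded traffic in both directions.
/ip firewall raw
add chain=prerouting action=notrack src-address=10.0.1.0/24 dst-address=10.0.2.0/24
add chain=prerouting action=notrack src-address=10.0.1.0/24 dst-address=10.0.3.0/24
add chain=prerouting action=notrack src-address=10.0.2.0/24 dst-address=10.0.1.0/24
add chain=prerouting action=notrack src-address=10.0.3.0/24 dst-address=10.0.1.0/24

# Check: both policies should show an established phase 2 state, and
# installed-sa should list a separate SA pair for each remote subnet.
/ip ipsec policy print detail
/ip ipsec installed-sa print
```

Site B needs the mirrored policies (source and destination swapped), also with `level=unique`.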