When a VPN is set up between two sites with a Sophos UTM firewall at one end, and there are two host endpoints that need to talk down the VPN, then applying both hosts into the same VPN fails to pass any traffic.

Creating a second VPN and binding 1 host to each allows traffic to pass normally, and can still be controlled by a single firewall rule.