Hi r/networking,
I would like to preface this post by saying I have no "book" knowledge of networking. I have no certs and everything I have learned about networking has been through googling on a need to know basis.
I am working on a project at work which involves a VPN tunnel between 2 SonicWall firewalls. Essentially, on my desk I have 2 firewalls and 2 managed switches (Catalyst 2950) and a computer on either side of the firewall. As an added difficulty, the way that these devices needed to communicate is via unicast protocols AND multicast protocols.
I am trying to provide a good bit of context, just in case my question is hard to understand. I'll try and split up the context and the question so you can skip anything you don't need to read.
CONTEXT:
I have set up a solid testing environment, and I have the two computers on either side of the VPN tunnel communicating via ping and through a multicast testing tool I downloaded.
The way I have my VPN environment set up is I have a subnet 10.4.0.6/15 "split" up into multiple subnets, with 10.4.0.6/29 existing on one side, and essentially every other address existing on the other side of the tunnel, specifically 10.4.0.128/25. Firewalls are set up as default gateways that will forward any message across the VPN tunnel if the destination is within the range of the subnet on the other side. (Let me know if this is bad practice and there is a better way to have done this. Hopefully reading below will answer any questions as to WHY I would want to do this).
Here's where my networking knowledge starts to fail me. The computers were stand-ins for the devices that actually needed to communicate, a PLC server (Delta V ProPlus) and an I/O-less controller whose only input is an ethernet cable. This controller is commissioned and managed by the server, but this happens over a network, and the controller is discovered via a multicast signal, and then does any management thereafter using unicast signals. A "feature" of this relationship is that the server will set all addresses on these controllers, and all networking as far as I can tell is not only set by the server, but it forces network information (I cannot change these addresses). The subnet that it sets is 10.4.0.0/15, incrementing the address by 4 every time, with the server being a STATIC 10.4.0.6 (this is a requirement, so the first controller would be 10.4.0.10, then 10.4.0.14, and so on). Also, as far as I can tell, it does NOT set a default gateway.
The main problem I am having is that this controller can be pinged when existing on the SAME side of the tunnel (e.g. assume the controller is 10.4.0.130; a device existing on the 10.4.0.128/25 subnet (say 10.4.0.131) can ping the device). However, across the VPN tunnel, a ping is not achievable, and similarly, the controller does not show up in the server's commissioning GUI, which is a multicast discovery function.
I don't think this is an issue with the setup of the firewalls as I stated above that a ping IS achievable using two MW2016 images that are set with default gateways. Here is my current theory as to why I don't think it is working. Also, please keep in mind that I am fairly green to networking so I am not exactly sure how all of these computers behave, but it is my understanding that the following happens:
- 10.4.0.6 (Server) is sending a ping message to 10.4.0.130 (Controller). Controller does not exist on the server's side of the VPN tunnel, so the ping gets sent to the gateway.
- The firewall receives the message, verifies that the address would exist on the opposite side of the tunnel, and sends the ping to the other firewall.
- The firewall on the other side (also acting as a gateway) sends the message to the subnet.
- The controller receives the ping message, and sends out a "hey I got it" reply message, destined for the original sender, which is 10.4.0.6. It cannot find this address on its local subnet, and it doesn't have a default gateway, so the packet is lost to the aether.
Is the above a decent summation of what is happening?
QUESTION:
Assuming the network information is immutable and the device has no default gateway, what can be done to open up a device to a subnet that is on the other side of a VPN tunnel? (i.e. How can communication be established between two devices that exist on two different subnets networked together by a router when one device is UNABLE to have a default gateway set?) I am sure the question might seem asinine to an experienced network engineer, so I am sorry if this is a dumb question (I couldn't really get a good answer googling, so that's why I am posting here).
As I stated, I have managed switches and routers, so is there any networking magic I can do to try this? Or would I need to entirely adjust my swing to achieve this?
Thanks for reading.
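As an added example (not part of the post above), the following Python walks the echo request and reply described in the post through each host's forwarding decision using the post's own addresses, and goes one step further by showing that under the forced /15 mask the controller treats 10.4.0.6 as on-link, so the reply fails at ARP rather than at a gateway lookup. The /29 mask on the server, the firewall LAN addresses, the MAC labels and the ARP tables are all assumptions.

```python
import ipaddress

# Constructed topology following the post: the server 10.4.0.6 sits behind one
# firewall, the controller 10.4.0.130 behind the other.  The /29 mask on the
# server, the firewall LAN addresses and all MAC labels are assumptions.
SERVER_FW = "10.4.0.1"      # assumed LAN address of the server-side firewall
REMOTE_FW = "10.4.0.129"    # assumed LAN address of the controller-side firewall

# Constructed ARP views of each Ethernet segment (IP -> MAC of who answers).
SERVER_SEGMENT = {SERVER_FW: "fw-A"}
CONTROLLER_SEGMENT = {REMOTE_FW: "fw-B", "10.4.0.131": "pc-B"}


def next_hop(src_ip, prefix_len, gateway, dst_ip):
    """Host forwarding decision: on-link, via default gateway, or no route."""
    iface = ipaddress.ip_interface(f"{src_ip}/{prefix_len}")
    if ipaddress.ip_address(dst_ip) in iface.network:
        return ("on-link", dst_ip)        # host will ARP for dst itself
    if gateway:
        return ("via-gateway", gateway)   # host will ARP for the gateway
    return ("no-route", None)


def deliver(src_ip, prefix_len, gateway, dst_ip, segment):
    """Resolve the next hop against the segment's ARP responders."""
    how, hop = next_hop(src_ip, prefix_len, gateway, dst_ip)
    if how == "no-route":
        return "dropped: no route and no default gateway"
    if hop in segment:
        return f"sent to {segment[hop]} ({how} {hop})"
    return f"dropped: ARP for {hop} unanswered ({how})"


def trace_ping():
    """Echo request from the server, echo reply from the controller."""
    request = deliver("10.4.0.6", 29, SERVER_FW, "10.4.0.130", SERVER_SEGMENT)
    # The controller carries the forced /15 mask and no gateway, so 10.4.0.6
    # looks on-link to it and it never consults a gateway at all.
    reply = deliver("10.4.0.130", 15, None, "10.4.0.6", CONTROLLER_SEGMENT)
    # Hypothetical: the controller-side firewall answers ARP for 10.4.0.6 on
    # the controller's segment (proxy ARP), so the reply has somewhere to go.
    proxied = dict(CONTROLLER_SEGMENT, **{"10.4.0.6": "fw-B"})
    reply_with_proxy = deliver("10.4.0.130", 15, None, "10.4.0.6", proxied)
    return {"request": request, "reply": reply,
            "reply_with_proxy_arp": reply_with_proxy}


if __name__ == "__main__":
    for step, outcome in trace_ping().items():
        print(f"{step}: {outcome}")
```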