
GCP routing

Hello everyone, I need help with a rather complicated situation. I'll try to explain it in the simplest way possible:

I have an on-premises environment that communicates through a Cloud VPN with Google Cloud Platform (GCP). I've created another project with a Linux VM that needs to send traffic to and receive traffic from the on-premises environment, passing through a firewall located in another VPC. So, I need the flow: onprem --> vpn --> firewall --> vm, and the reverse flow as well.

Currently, I have the following routes:

  • In the VPN VPC, I have a route with the destination 10.0.0.0/8 and the next hop as the VPN tunnel.
  • In the firewall VPC, I have a route with the destination 0.0.0.0/0 and the next hop as the firewall.
  • I've created peering between the VPN VPC and the firewall VPC.
  • I've created peering between the VPC of the new VM and the firewall VPC.

Now, I'm having difficulty creating routes from the VM's VPC to the firewall's VPC because when I set the next hop as the firewall's IP address, I get an error because it is not part of the subnet of the VPC where I'm trying to create the rule.

I should mention that during the peering creation, I didn't enable the export of rules flag because it would conflict with existing rules and create problems in other currently operational environments in my infrastructure.

One last thing, once I reach the firewall, I'll handle the routing from within the firewall. What do you recommend?

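The error in the post comes from a hard rule in GCP custom static routes: a next-hop instance or address must belong to a subnet of the same VPC network as the route, so a route in the VM's VPC can never point directly at a firewall NIC that lives in the firewall VPC. The only way such a route reaches the VM's VPC is for the firewall VPC to export its custom routes over the peering and the VM's VPC to import them, and the same applies in the other direction for the firewall VPC to learn the 10.0.0.0/8-via-tunnel route from the VPN VPC. The script below is an added example, not part of the original post: a small model of GCP static routes and peering route exchange that reproduces the rejected route and then shows which next hop each VPC selects with and without the export/import flags. The VPC names, subnet ranges, firewall address 10.20.0.10 and tunnel name are constructed, and the selection order (longest prefix, subnet routes first, then lowest priority value) is a simplification of GCP's real routing order, not a reimplementation of it.

```python
"""Model of GCP static routes and VPC peering route exchange (constructed example)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Vpc:
    name: str
    subnets: List[IPv4Network]


@dataclass
class Route:
    name: str
    vpc: str               # the network the route is created in
    dest: IPv4Network
    next_hop: str          # "vpn-tunnel:<name>" or "address:<ip>"
    priority: int = 1000   # lower value wins, as in GCP


@dataclass
class Peering:
    local: str             # each side of a peering is its own object in GCP
    peer: str
    export_custom: bool = False
    import_custom: bool = False


class RouteError(ValueError):
    """A route GCP would reject at creation time."""


Entry = Tuple[str, IPv4Network, str, int]  # (kind, destination, next hop, priority)


def add_route(route: Route, vpcs: Dict[str, Vpc], routes: List[Route]) -> None:
    """Create a static route, enforcing that an address next hop lies in the route's own VPC."""
    kind, value = route.next_hop.split(":", 1)
    if kind == "address":
        ip = ip_address(value)
        if not any(ip in s for s in vpcs[route.vpc].subnets):
            raise RouteError(f"next hop {value} is not in a subnet of network {route.vpc}")
    routes.append(route)


def effective_routes(vpc: str, vpcs: Dict[str, Vpc], routes: List[Route],
                     peerings: List[Peering]) -> List[Entry]:
    """Local subnet routes, local static routes, peer subnet routes, and imported peer static routes."""
    table: List[Entry] = [("subnet", s, f"vpc:{vpc}", 0) for s in vpcs[vpc].subnets]
    table += [("static", r.dest, r.next_hop, r.priority) for r in routes if r.vpc == vpc]
    for p in (q for q in peerings if q.local == vpc):
        # Subnet routes are always exchanged over an active peering.
        table += [("peer-subnet", s, f"peering:{p.peer}", 0) for s in vpcs[p.peer].subnets]
        reverse = next((q for q in peerings if q.local == p.peer and q.peer == vpc), None)
        # Custom routes cross only if the peer exports AND the local side imports.
        if p.import_custom and reverse is not None and reverse.export_custom:
            # Only the peer's own routes: peering is not transitive, so routes the peer
            # itself imported from a third network are not passed on.
            table += [("peer-static", r.dest, f"peering:{p.peer}->{r.next_hop}", r.priority)
                      for r in routes if r.vpc == p.peer]
    return table


def lookup(vpc: str, dst: str, vpcs: Dict[str, Vpc], routes: List[Route],
           peerings: List[Peering]) -> Optional[Entry]:
    """Longest-prefix match; ties go to the lowest priority value (subnet routes use 0)."""
    ip = ip_address(dst)
    candidates = [e for e in effective_routes(vpc, vpcs, routes, peerings) if ip in e[1]]
    if not candidates:
        return None
    return max(candidates, key=lambda e: (e[1].prefixlen, -e[3]))


def build_scenario(export_fw_routes: bool, import_vpn_routes: bool):
    """The three networks from the post with constructed ranges and a firewall at 10.20.0.10."""
    vpcs = {
        "vpn-vpc": Vpc("vpn-vpc", [ip_network("10.100.0.0/24")]),
        "fw-vpc": Vpc("fw-vpc", [ip_network("10.20.0.0/24")]),
        "vm-vpc": Vpc("vm-vpc", [ip_network("10.30.0.0/24")]),
    }
    routes: List[Route] = []
    add_route(Route("to-onprem", "vpn-vpc", ip_network("10.0.0.0/8"), "vpn-tunnel:tunnel-1"), vpcs, routes)
    add_route(Route("via-fw", "fw-vpc", ip_network("0.0.0.0/0"), "address:10.20.0.10"), vpcs, routes)
    peerings = [
        Peering("vpn-vpc", "fw-vpc", export_custom=import_vpn_routes),
        Peering("fw-vpc", "vpn-vpc", import_custom=import_vpn_routes),
        Peering("fw-vpc", "vm-vpc", export_custom=export_fw_routes),
        Peering("vm-vpc", "fw-vpc", import_custom=export_fw_routes),
    ]
    return vpcs, routes, peerings


def poster_attempt() -> str:
    """The route from the post: created in vm-vpc, next hop is the firewall's address in fw-vpc."""
    vpcs, routes, _ = build_scenario(False, False)
    try:
        add_route(Route("vm-to-fw", "vm-vpc", ip_network("0.0.0.0/0"), "address:10.20.0.10"), vpcs, routes)
    except RouteError as err:
        return str(err)
    return "accepted"


def next_hop_from(vpc: str, dst: str, export_fw_routes: bool = False,
                  import_vpn_routes: bool = False) -> Optional[str]:
    """Next hop a packet from `vpc` to `dst` would take in the given peering configuration."""
    vpcs, routes, peerings = build_scenario(export_fw_routes, import_vpn_routes)
    hit = lookup(vpc, dst, vpcs, routes, peerings)
    return None if hit is None else hit[2]


if __name__ == "__main__":
    print(poster_attempt())
    print("vm -> onprem, no export:", next_hop_from("vm-vpc", "10.0.5.5"))
    print("vm -> onprem, fw exports:", next_hop_from("vm-vpc", "10.0.5.5", export_fw_routes=True))
    print("fw -> onprem, no import:", next_hop_from("fw-vpc", "10.0.5.5"))
    print("fw -> onprem, vpn exports:", next_hop_from("fw-vpc", "10.0.5.5", import_vpn_routes=True))
```

With no custom-route exchange, the VM's VPC has no route at all toward 10.0.0.0/8 and the firewall VPC's own 0.0.0.0/0 route would send firewall-originated traffic for on-prem back to the firewall address instead of toward the tunnel; once the flags are set on the respective peerings, the VM's VPC learns the 0.0.0.0/0-via-firewall route and the firewall VPC learns 10.0.0.0/8-via-tunnel. In gcloud the corresponding switches are `--export-custom-routes` and `--import-custom-routes` on `gcloud compute networks peerings create` or `update`; the export is all-or-nothing per peering, which is exactly why the post's existing 0.0.0.0/0 route would reach every importing network.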