Would you consider creating reverse routes on the gateway router and pointing them to the VPN internal interface to be the best solution? I have a list of discontiguous subnets, and the VPN is sitting behind multiple layer 2 switches, e.g. gateway router 1 - router 2 - switch 1 - switch 2 - SA.