Does all the traffic on the 3.1 network go through the vpn to the 2.1? If it bombs right away it should be a routing issue and you should be able to see if the sonicwal itself can get to the IP address through the utility section inside the sonicwall. If it can but the workstations behind can't check the Lan > Wan rules you have. Also there should be a log section with events popping up for this if it is hitting the IDS or Firewall rule to block it.