https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128338#M23431 <P>Verify that the users are found in the VPN_AD_Machines group. Otherwise you need to fix that.</P><P>Are you using the same AU object for both access roles? The Access roles are AU-dependant, meaning you should use the AU object in your access role which is the same that authenticates the user on the GW object, otherwise the GW can't do lookups toward the AU.</P> Mon, 30 Aug 2021 10:48:11 GMT Albin 2021-08-30T10:48:11Z https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128325#M23429 <P>Hello community,<BR /><BR />i will be glad to help, there are the following rules for RA VPN (rule 34):<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="original_image.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/13565iCFCA3F101171FB4B/image-size/large?v=v2&amp;px=999" role="button" title="original_image.png" alt="original_image.png" /></span><BR /><BR />It is necessary that computers in the domain match rule 34.1, but this does not always happen, connections matches in 34.2 and skip 34.1.&nbsp;Why is this happening?<BR /><BR />Thank you in advance.</P> Mon, 30 Aug 2021 08:08:36 GMT https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128325#M23429 Herman 2021-08-30T08:08:36Z https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128338#M23431 <P>Verify that the users are found in the VPN_AD_Machines group. Otherwise you need to fix that.</P><P>Are you using the same AU object for both access roles? The Access roles are AU-dependant, meaning you should use the AU object in your access role which is the same that authenticates the user on the GW object, otherwise the GW can't do lookups toward the AU.</P> Mon, 30 Aug 2021 10:48:11 GMT https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128338#M23431 Albin 2021-08-30T10:48:11Z https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128342#M23432 <P>Im sorry, but what you mean as "AU"?&nbsp; Its typo and&nbsp;keep in mind "Organization unit"?</P> Mon, 30 Aug 2021 11:23:24 GMT https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128342#M23432 Herman 2021-08-30T11:23:24Z https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128343#M23433 <P>Account unit, The LDAP object which is used to query user/group memberships.</P> Mon, 30 Aug 2021 11:24:58 GMT https://community.checkpoint.com/t5/General-Topics/VPN-rules-for-domain-AD-machine/m-p/128343#M23433 Albin 2021-08-30T11:24:58Z