topic Re: IPSec VPN encryption domain problem (Star community) in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/IPSec-VPN-encryption-domain-problem-Star-community/m-p/47853#M12495 I probably understand what you mean, In other words, when defining the scope of the encryption domain, the encryption domain of the data center end and the branch end cannot be an inclusion relationship, and must be an independent network segment. Wed, 20 Mar 2019 01:28:54 GMT yumin_hu 2019-03-20T01:28:54Z IPSec VPN encryption domain problem (Star community) https://community.checkpoint.com/t5/SASE-and-Remote-Access/IPSec-VPN-encryption-domain-problem-Star-community/m-p/47715#M12493 <P>I would like to ask experts a question about the scope of the VPN encryption domain definition.<BR />If a branch of a company needs to access the company data center through IPSec VPN, the encryption domains at both ends are defined as: branch = 10.1.5.0/24, company data center = 10.0.0.0/8<BR />If the encryption domain is defined as such, will there be any problem with IPSec VPN communication?<img id="smileyembarrassed" class="emoticon emoticon-smileyembarrassed" src="https://community.checkpoint.com/i/smilies/16x16_smiley-embarrassed.png" alt="Smiley Embarassed" title="Smiley Embarassed" /></P> Tue, 19 Mar 2019 13:14:13 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/IPSec-VPN-encryption-domain-problem-Star-community/m-p/47715#M12493 yumin_hu 2019-03-19T13:14:13Z Re: IPSec VPN encryption domain problem (Star community) https://community.checkpoint.com/t5/SASE-and-Remote-Access/IPSec-VPN-encryption-domain-problem-Star-community/m-p/47731#M12494 Encryption domains cannot overlap in this manner. Not to mention, you'll have routing issues. The branch side will need to be NATTED to talk to the datacenter side and the datacenter side will need to refer to the branch side by the NATted IPs. Tue, 19 Mar 2019 13:52:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/IPSec-VPN-encryption-domain-problem-Star-community/m-p/47731#M12494 PhoneBoy 2019-03-19T13:52:14Z Re: IPSec VPN encryption domain problem (Star community) https://community.checkpoint.com/t5/SASE-and-Remote-Access/IPSec-VPN-encryption-domain-problem-Star-community/m-p/47853#M12495 I probably understand what you mean, In other words, when defining the scope of the encryption domain, the encryption domain of the data center end and the branch end cannot be an inclusion relationship, and must be an independent network segment. Wed, 20 Mar 2019 01:28:54 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/IPSec-VPN-encryption-domain-problem-Star-community/m-p/47853#M12495 yumin_hu 2019-03-20T01:28:54Z