https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193888#M4520 <P>Is the HO network part of the RA encdom?</P><P>Is hub mode enabled at the moment?</P><P>VPN Clients &gt; Remote Access</P><P>&nbsp;</P><P>As for why the first rule doesn't match, i think its down to it having the specific S2S vpn in the VPN collumn when your traffic is coming from the RA vpn.<BR /><BR />Try leaving the VPN column as "any" and the gateway might just do the trick.</P><P><BR />also, have you a log of a remote access user accessing HO at the moment?<BR /><BR /><BR /></P> Fri, 29 Sep 2023 13:12:46 GMT Machine_Head 2023-09-29T13:12:46Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193886#M4518 <P>Hi Guys,</P><P>&nbsp;</P><P>I have a requirement to allow the RAVPN network traffic towards HO network using a S2S tunnel &amp; the RAVPN network should be translated to a Host IP 10.x.x.x (SNAT).</P><P>&nbsp;</P><P>S2S VPN is UP &amp; created a Hide NAT policy for translating the source in encrypted traffic &amp; also created a security policy for allowing the encrypted traffic &amp; assigned the respective VPN community.</P><P>&nbsp;</P><P>My question is, The traffic is getting hit by the RAVPN policy only but not by the policy that i have created for the S2S tunnel.</P><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><DIV class="">&nbsp;</DIV><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 29 Sep 2023 12:20:49 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193886#M4518 shantilalSuthar 2023-09-29T12:20:49Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193887#M4519 <P>attached are the policies.</P> Fri, 29 Sep 2023 12:28:01 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193887#M4519 shantilalSuthar 2023-09-29T12:28:01Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193888#M4520 <P>Is the HO network part of the RA encdom?</P><P>Is hub mode enabled at the moment?</P><P>VPN Clients &gt; Remote Access</P><P>&nbsp;</P><P>As for why the first rule doesn't match, i think its down to it having the specific S2S vpn in the VPN collumn when your traffic is coming from the RA vpn.<BR /><BR />Try leaving the VPN column as "any" and the gateway might just do the trick.</P><P><BR />also, have you a log of a remote access user accessing HO at the moment?<BR /><BR /><BR /></P> Fri, 29 Sep 2023 13:12:46 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193888#M4520 Machine_Head 2023-09-29T13:12:46Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193893#M4521 <P><SPAN>Is the HO network part of the RA encdom?</SPAN></P><P><SPAN>Yes, For routing the HO network via RAVPN.</SPAN></P><P>Hub mode is disabled.</P><P><SPAN>also, have you a log of a remote access user accessing HO at the moment?</SPAN></P><P><SPAN>Yes, Logging is enabled.</SPAN></P><P><SPAN>Will try with 'any' in VPN column &amp; check.</SPAN></P> Fri, 29 Sep 2023 13:54:58 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Creating-a-policy-for-encrypting-RAVPN-traffic-on-a-S2S-VPN/m-p/193893#M4521 shantilalSuthar 2023-09-29T13:54:58Z