https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121425#M8413 <P>Hello,</P><P>I would like to allow my users to access resources located behind an ipsec tunnel with one of our clients&nbsp;but i don't understand how to do this.</P><P>I work with a gateway 3000 appliances in version 80.40 and a management appliance in 80.40 also.</P><P>What i want to do is allow flow like this :</P><P>RemoteAccess users --&gt; 3000 appliances --&gt; ipsec tunnel --&gt; Clients</P><P>A very big thank you to those who can help me !</P> Thu, 17 Jun 2021 07:29:14 GMT c5d51d79-b177-4 2021-06-17T07:29:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121425#M8413 <P>Hello,</P><P>I would like to allow my users to access resources located behind an ipsec tunnel with one of our clients&nbsp;but i don't understand how to do this.</P><P>I work with a gateway 3000 appliances in version 80.40 and a management appliance in 80.40 also.</P><P>What i want to do is allow flow like this :</P><P>RemoteAccess users --&gt; 3000 appliances --&gt; ipsec tunnel --&gt; Clients</P><P>A very big thank you to those who can help me !</P> Thu, 17 Jun 2021 07:29:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121425#M8413 c5d51d79-b177-4 2021-06-17T07:29:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121478#M8414 <P>The Remote Access encryption domain must include the encryption domain of the remote site.<BR />If you are not using Office Mode for Remote Access clients. you will also need to configure IP Pool NAT.</P> Thu, 17 Jun 2021 16:16:49 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121478#M8414 PhoneBoy 2021-06-17T16:16:49Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121811#M8415 <P>a big thank you for your feedback !</P><P>just to be sure of the manipulation, is it about adding the remote client's encryption domain to this encryption domain ?</P> Tue, 22 Jun 2021 10:17:35 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121811#M8415 c5d51d79-b177-4 2021-06-22T10:17:35Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121835#M8416 <P>I'm referring specifically to this:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2021-06-22 at 7.31.06 AM.png" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/12272i267E80BA488E02B8/image-size/medium?v=v2&amp;px=400" role="button" title="Screen Shot 2021-06-22 at 7.31.06 AM.png" alt="Screen Shot 2021-06-22 at 7.31.06 AM.png" /></span></P> <P>For your regular VPN gateway, ensure the Office Mode address space is included in the encryption domain.<BR />Your partner will need to ensure the Office Mode address space is included as part of their definition of your encryption domain.</P> Tue, 22 Jun 2021 14:35:05 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121835#M8416 PhoneBoy 2021-06-22T14:35:05Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121837#M8417 <P>Not exactly...what phoneboy is referring to is what I attached in the screenshot. Make sure that firewall is part of remote access community, save, then edit the object and apply the changes as per photo attached. Though, you could also do it from that window as well that you showed.</P> Tue, 22 Jun 2021 14:43:59 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121837#M8417 the_rock 2021-06-22T14:43:59Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121838#M8418 <P>Sorry, my apologies, I see that firewall is indeed part of RA community, so your answer is definitely correct, you can do it that way too.</P> Tue, 22 Jun 2021 14:45:11 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Access-to-ipsec-resources-from-remoteaccess-users/m-p/121838#M8418 the_rock 2021-06-22T14:45:11Z