Hello All,
I am quite new to the Check Point VPN blade, so sorry for the stupid question!
Basically, I am trying to establish IPsec VPN (mesh community) tunnels between HQ and branch sites as in the diagram below.
![Capture111.JPG Capture111.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9034iCB26F1DC04740C30/image-size/large?v=v2&px=999)
However, once I apply the IPsec configuration, I lose SMS and FW connectivity. I suspect the SMS traffic somehow goes into the VPN tunnel, which is why I lose connectivity between the SMS and the FW. See below: Dubai-FW is disconnected after I push the policy.
![Capture123.JPG Capture123.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9037i17F55D6EFE2F3893/image-size/large?v=v2&px=999)
- Even though Dubai-FW is disconnected from the SMS, the clients start to ping the remote site, which means the IPsec VPN config is successful.
![client11.JPG client11.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9036iE1E5EC1AC4B319C8/image-size/large?v=v2&px=999)
![VPN_up.JPG VPN_up.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9042iC4918C11A63492A0/image-size/large?v=v2&px=999)
In HQ-FW, I have only defined the HQ-LAN-NET [10.1.0.0/24] network (the MGMT network 192.168.1.0/24 is not added).
![HQ-1.JPG HQ-1.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9035iDB31BA1DD14C1F46/image-size/large?v=v2&px=999)
- I have also defined VPN access policies on both Branch and HQ (rules 3 and 4).
![HQ_123.JPG HQ_123.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9038i503F259C171B7628/image-size/large?v=v2&px=999)
- Defined the NAT policy between branch and HQ (rules 1 and 2) [not performing NAT between the HQ and Branch networks, but for the SMS].
![HQ_NAT.JPG HQ_NAT.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9039iE5A1C167F9DD765E/image-size/large?v=v2&px=999)
- I see from the logs that the traffic between the clients is encrypted and decrypted, as below.
![vpn_encrypt.JPG vpn_encrypt.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9040iE45A9714CF98C0EF/image-size/large?v=v2&px=999)
- I checked the VPN blade logs and realized there are many drops; below you can see the detail of one of them. It says "Clear text packet should be encrypted".
![logg.JPG logg.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/9041i3CDAEDB7607074D9/image-size/large?v=v2&px=999)
From my perspective, the SMS traffic goes into the VPN tunnel even though I have excluded the 192.168.1.0/24 network from the VPN domain in HQ-FW, but I don't understand why.
Can anyone help me with what I couldn't figure out in this setup?
I would appreciate it if you could have a look.
Thanks in advance,
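To make the "Clear text packet should be encrypted" log entry easier to reason about, here is an added, simplified model of how a site-to-site gateway decides whether a packet belongs to the VPN community: traffic is encrypted when the source is in the local gateway's VPN domain and the destination is in a peer's VPN domain, and an unencrypted packet arriving from a peer's domain for the local domain is dropped with that message. This is example code written for this thread, not Check Point's implementation or anything from the original post. It uses the HQ-LAN-NET 10.1.0.0/24 and MGMT 192.168.1.0/24 networks mentioned above; the branch LAN 10.2.0.0/24 and the host addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple, List

# Simplified model of VPN-domain (encryption-domain) matching.
# Assumption: a gateway encrypts when src is in its own domain and dst is in a
# peer's domain; a clear-text packet that matches the community in the reverse
# direction is dropped. Real products add rule-base, routing and NAT ordering.

@dataclass(frozen=True)
class Gateway:
    name: str
    vpn_domain: Tuple[ipaddress.IPv4Network, ...]

def in_domain(ip: str, gw: Gateway) -> bool:
    """True if the address falls inside any network of the gateway's VPN domain."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in gw.vpn_domain)

def outbound_verdict(src: str, dst: str, local: Gateway, peers: List[Gateway]) -> str:
    """What the local gateway does with a packet leaving towards the peers."""
    if in_domain(src, local):
        for peer in peers:
            if in_domain(dst, peer):
                return f"encrypt -> {peer.name}"
    return "clear"

def inbound_verdict(src: str, dst: str, was_encrypted: bool,
                    local: Gateway, peers: List[Gateway]) -> str:
    """What the local gateway does with a packet arriving from the outside."""
    if was_encrypted:
        return "decrypt"
    for peer in peers:
        if in_domain(src, peer) and in_domain(dst, local):
            # Both ends are inside the community, but the packet came in clear.
            return "drop: Clear text packet should be encrypted"
    return "accept (clear)"

# VPN domains as described in the post: HQ-FW carries only HQ-LAN-NET,
# the MGMT network 192.168.1.0/24 is deliberately left out.
HQ = Gateway("HQ-FW", (ipaddress.ip_network("10.1.0.0/24"),))
# Constructed branch LAN for the example (not given in the post).
DUBAI = Gateway("Dubai-FW", (ipaddress.ip_network("10.2.0.0/24"),))
# Constructed mis-configured variant: HQ domain also contains the MGMT network.
HQ_WITH_MGMT = Gateway("HQ-FW", (ipaddress.ip_network("10.1.0.0/24"),
                                 ipaddress.ip_network("192.168.1.0/24")))

def scenario_matching_domains() -> dict:
    """Both sides agree on the domains: LAN traffic is encrypted, MGMT is clear."""
    return {
        "lan_to_branch": outbound_verdict("10.1.0.10", "10.2.0.10", HQ, [DUBAI]),
        "mgmt_to_branch": outbound_verdict("192.168.1.10", "10.2.0.10", HQ, [DUBAI]),
        # The branch sees clear MGMT traffic; MGMT is in nobody's domain, so accept.
        "branch_receives_mgmt": inbound_verdict("192.168.1.10", "10.2.0.10", False,
                                                DUBAI, [HQ]),
    }

def scenario_mismatched_domains() -> dict:
    """HQ sends MGMT traffic in clear, but the branch believes MGMT is in HQ's domain."""
    return {
        "hq_sends": outbound_verdict("192.168.1.10", "10.2.0.10", HQ, [DUBAI]),
        "branch_receives": inbound_verdict("192.168.1.10", "10.2.0.10", False,
                                           DUBAI, [HQ_WITH_MGMT]),
    }

if __name__ == "__main__":
    for name, result in (("matching", scenario_matching_domains()),
                         ("mismatched", scenario_mismatched_domains())):
        print(name)
        for flow, verdict in result.items():
            print(f"  {flow}: {verdict}")
```

The mismatched scenario reproduces the log text seen in the post: the drop is raised by the gateway that receives a clear packet whose endpoints it considers part of the community. When troubleshooting, substitute each gateway's actual VPN domain as pushed by the SMS and the real SMS and gateway addresses into the two scenario functions; any flow that the model classifies as "drop" points at a domain definition to revisit.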