Hello.
I have a situation where I am trying to allow remote access users to access a LAN subnet at a remote site.
For example.
I am ABC company.
ABC have a remote access solution for their employees
ABC have 1 set of HA firewalls on the perimeter
ABC have a S2S VPN (STAR) to a company called HLD
ABC employees need to access HLD LAN from their remote access connection
Issue is:
Before making any NAT changes, or before changing the remote end to point at the RA office mode subnet, this happens:
Adding HLD LAN subnet to RA Encryption domain means everyone loses access to HLD. Not just remote access, everyone on ABC LAN can no longer access HLD.
Tunnel stays up, but traffic starts routing out via GW default gateway, and not over VPN.
Removing HLD LAN from RA Enc Domain fixes issues almost immediately.
Can someone provide advice on why this is happening, and the best way to configure such a set up?
R80.30 running Jumbo 90-something, 2.6 kernel. 3000 devices running HA.