Version: R81.10 Take 150.

I installed two different RA GW, disable MEP.

And I want when users connect to first RA GW only office subnets route to vpn tunnel and other traffic through local ISP.

And when user connect to second RA GW all traffic route to vpn.

Now when user connect to first RA VPN that all traffic route to vpn and ignore VPN Domains for this GW.

I configured different VPN Domains.

Subnets that need route on first and second RA GW overlaps, because second RA GW route all traffic to vpn.

Is it possible using one SMS have two different rule for RA VPN?

There's an SK that covers this specific scenario: https://support.checkpoint.com/results/sk/sk111995 

Interesting...never recall having to follow this sk before.

Andy

I read this. MEP is disabled.

So please answer this question...how are enc domains configured? Is it overlapping or they have seperate subnets/groups? This info is IMPORTANT.

Andy

VPN-SINet-Subnets has list of subnets

ED-remoteaccess has All-Internet-group 

In such case, document says to follow ttm file to be manual, ie domains are NOT overlapping, which they are not in your case. I had done this for customers before and we followed exactly what it shows in the link I sent you, no issues.

Andy

I am not sure that understood.

Now I have config ttm file:

automatic_mep_topology - false

mep_mode - dns_based

enable_gw_resolving - true

And nothing worked

I will check in the morning, as I have this working in the lab. Make sure to follow al the steps from that document, it works 100%.

Andy

Thats what document was indicating as well.

In the document indicated on GW side (need edit file on GW), I removed on client side (edit client file).

Never had to do that myself...what are versions of the gw/client?

Andy

GW - R81.10 Take 150, Client 88.30 and 86.50

Done it with those versions, NEVER have I had to modify anything on the client side.