Hi everyone.
I am hosting a service for a customer on a publicly accessible IP address. I have then set up a site-to-site VPN for backup purposes because the customer also has a local server that needs backup.
The setup is:
Local customer subnets 192.168.80.0/24 & 192.168.50.0/24 (with a client that needs to access the Navision service at my public IP).
The customer is accessing an RDP service using the DNS name navision.it-connect.nu.
It resolves to my external IP 194.182.21.148.
On the customer site I have a 1570 appliance,
and in my hosting center I'm running Check Point open server.
The local subnet for the Navision server is 10.10.114.2.
I have both firewall and NAT rules in place allowing remote access. Everything is fine.
But I need to establish a site-to-site VPN from MY local subnet at the hosting center, 10.10.150.0/24, because I need to take a backup of a server at the customer's local site. That server is located in 192.168.80.0/24.
I can establish the site-to-site tunnel fine and everything is working. But when I do that, it is no longer possible for the customer at their local subnets 192.168.0.0/24 & 192.168.50.0/24 to access the Navision server, even though neither the Navision subnet nor the customer's local subnets have been defined in the encryption domain (which is on purpose).
Can anybody shed some light on what is happening? I have another customer where this is not an issue. I even tried to do a copy/paste of the VPN community setup to rule out errors, but it still blocks the remote access.
So in short: the VPN tunnel connects successfully, allowing my backup server to reach the customer subnet and do the backup, but it breaks the customer's access to the Navision server when they try to reach it using the DNS name/WAN IP address.