jfelix
Participant

IPSEC Star Community - Access resources on the same Public IP configured on the interoperable Device

Hi There,

I consider this a strange request, but will outline the situation. 

Star Based IPSEC VPN Community, which is working perfectly fine to an external 3rd party. The VPN Community is built so the client private /16 and the external party private /27 can communicate. Essentially the 3rd party uses the tunnel to keep printing traffic encrypted to client printers.

Currently, users access the 3rd party web portal by an A record with a public IP address that differs to the PIP that the Interoperable Device is configured with. Therefore this access is across the native internet, but does pass through the Check Point firewall that also peers the IPSEC Tunnel.

The 3rd party now wants WebGUI access for users to use an A Record that resolves to the same PIP as the Interoperable Device. This access currently does not work.

Firewall logging indicates that this traffic attempts to be encrypted across the VPN Community. Eventually it generates an IKE failure "No Response to Peer". I have attached the 1st log of the communication. Trace Route from the client site stops at the Check Point Firewall.

I don't know if some of my config is wrong in the VPN community or if this is just an expected outcome. I have limited knowledge of the 3rd party networking configuration to yet make the suggestion of using split-brain DNS and resolving the A record to a private IP covered by the VPN Community.

Any advice or assistance would be appreciated.

PhoneBoy
Admin

The Peer IP is always excluded in the encryption domain by default on Check Point.
This causes issues with non-Check Point devices.
Scenario 3 of the following SK discusses this: https://support.checkpoint.com/results/sk/sk108600
