[vijayant]

Sir

I could not properly understand what you said after "If I were you .." But to explain: when the users (e.g User A)from my office connect to Smart server kept on the remote site then they (User A) get an IP assigned to their system (Office mode). as well some 10 to 15 route gets added and a Desktop security policy gets implimented to their (User A) machine. Desktop security policy puts inbound aswell outbound rules. One of the routes added after VPN connection is 172.21.0.0, and my server IP that needs to be accessed locally is 172.21.100.12. As I understand from your question is that if I allow 172.21.100.12 accessible from these system then the people sitting at remote end to which these (User A) are connecting will be able to access my server after VPN connectivity. But for this I feel that as they have the same network running at their end the packets will be not be routed at our side, else we can put access list on our L3 Switch for this perticular VLAN. But primarily I want the access of my server 172.21.100.12 even when the user A is connected to VPN. Is it possible...

some changes in userc.c ??
or bypassing checkpoint virtual interface for a perticular IP ??