SecureClient behind a VPN peer

[Jay_D]

Hi,

consider this scenario: main site running NGX R62. Branch site has a site-to-site VPN on a Safe@ with the main site. A laptop user with SecureClient (with config for the main site) goes to the branch site and wants to access the main site.
As there is a site-to-site no SecureClient connection is needed but for some reason he cannot access the main site. Auto-Connect is disabled.
The strange thing is that he can access the main site if he stops VPN-1 SecureClient (right click icon in systray and choose stop).

So my question is: why is SecureClient interfering if we didn't click connect ourselves? I would like to have SecureClient active when I want it (for example in a hotel) and just sitting there when I am at the branch office.

If this is the basic behaviour then I'd prefer to have SecureClient on manual startup but I can't figure this out without giving the user admin rights.

Any feedback is appreciated.
Kind regards,
JD.

[rubber_chicken]

Theres a few things here that you can look at:

1. Are you running a desktop policy that defines a strict firewall rulebase?
2. Is the branch site included in the desktop rulebase as being allowed?
3. Have you read and understood the following section of the VPN Admin Guide "How to Prevent a Client Inside the Encryption Domain from Encrypting"

Give those things a look over and let us know how you get on.