Some critical information is missing from your explanation but I will assuming your setup is the following:
1. UserA connects via GP to FirewallA
2. UserA then accesses a resource behind FirewallB
3. FirewallB has an ipsec s2s tunnel to FirewallA and this is how GP users are reaching the resource behind FirewallB
If the above is true, then FirewallB needs to be receiving redistributed GP mappings from FirewallA. FirewallB doesn't magically know about the ip to user mapping of UserA that is known to FirewallA. FirewallB must be told wha the ip to user mapping is by configuring user-id redistribution.