Hello
Does anyone know if there is a limited number of secured routes that you can give a vpn client?
Im testing my lab pix515E 6.3.3 with new vpn profiles/acl and encounterd this problem
I have created a object-group (network) for the secured routes that i want to give the user
object-group network new_vpn_ip_ranges
description internal_network_ip_ranges
network-object 192.168.2.0 255.255.255.0 network-object 192.168.14.0 255.255.255.0 network-object 192.168.15.0 255.255.255.0 network-object 192.168.16.0 255.255.255.0 network-object 192.168.17.0 255.255.255.0 network-object 192.168.19.0 255.255.255.0 network-object 192.168.20.0 255.255.255.0 network-object 192.168.21.0 255.255.255.0 network-object 192.168.25.0 255.255.255.0
Then I created a new object-group for the vpn ip pools that i wanted the internal network to be able to access
object-group network new_vpn_ip_pools
description internal_vpn_pools
network-object 192.168.34.0 255.255.255.0
network-object 192.168.35.0 255.255.255.0
network-object 192.168.35.0 255.255.255.0
network-object 192.168.36.0 255.255.255.0
network-object 192.168.37.0 255.255.255.0
network-object 192.168.40.0 255.255.255.0
network-object 192.168.41.0 255.255.255.0
network-object 192.168.42.0 255.255.255.0
network-object 192.168.43.0 255.255.255.0
network-object 192.168.64.0 255.255.255.0
network-object 192.168.65.0 255.255.255.0
network-object 192.168.69.0 255.255.255.0
Then I created the ACL for this to work
access-list testingnewvpn permit ip object-group new_vpn_ip_ranges object-group new_vpn_ip_pools
If I then check "secure routes" in the vpn client, it only gives me 192.168.2.0, 192.168.14.0, 192.168.15.0, 192.168.16.0,192.168.17.0 networks and skipping the rest. There are like 14 secure routes entries for each ACL rule.
Like
192.168.2.0 255.255.255.0
192.168.2.0 255.255.255.0
192.168.2.0 255.255.255.0
(and so on x 14 for each acl rule)
Am I doing this wrong?
If I just do this ACL, it becomes perfect
access-list testingnewvpn permit ip object-group new_vpn_ip_ranges 192.168.32.0 255.255.255.0
Thank you