Ran into an issue last night troubleshooting my home EZVPN setup: it wouldn't connect and kept referencing the ACL, but the ACL is correct. It wasn't until I logged into an 851 with EZVPN that I found the problem. If you exceed 50 lists for split tunneling, the connection fails. There are only 7 EZVPN connections to an ASA5505, and only 3 networks for split tunneling: two single public IPs and 10.0.0.0/8.
Here is what I am seeing: for each VPN client there is an entry for the three subnets on each client. There were 17 client subnets configured using an object group with a single ACL,
access-list EZ-VPN-Split permit ip object-group EZVPN object-group EZVPN-Users
and each client router was receiving 51 subnets to encrypt, all of them duplicates of the three subnets in the EzVPN to-encrypt object-group.
How do I prevent this from happening? The ASA5505 only supports 10 peers, so that would be 30 routes. They should only see 3, from what I understand; do I need to set up the ACL differently?
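To make the "51 subnets" count concrete, here is an added example (not code from the post or from Cisco) that models how an extended ACE referencing two object-groups expands into one entry per source/destination pair, so 3 ASA-side networks times 17 client subnets gives 51 pushed entries even though only 3 distinct networks need encrypting. For comparison it also expands a standard ACL that lists just the three ASA-side networks, which is a valid form for an ASA split-tunnel network list. The object-group names and ACL name come from the post; the specific public addresses (203.0.113.10, 198.51.100.20) and the 192.168.x.0/24 client subnets are constructed sample values.

```python
import ipaddress
from itertools import product

# Constructed sample object-groups modelled on the post's description.
# "EZVPN" holds the three ASA-side networks to protect; "EZVPN-Users"
# holds the 17 remote client subnets (assumed 192.168.1-17.0/24 values).
OBJECT_GROUPS = {
    "EZVPN": ["203.0.113.10/32", "198.51.100.20/32", "10.0.0.0/8"],
    "EZVPN-Users": [f"192.168.{i}.0/24" for i in range(1, 18)],
}

# The single extended ACE from the post (object-group on both sides).
OBJECT_GROUP_ACL = [
    "access-list EZ-VPN-Split permit ip object-group EZVPN object-group EZVPN-Users",
]

# Alternative for comparison: a standard ACL naming only the ASA-side networks.
STANDARD_ACL = [
    "access-list EZ-VPN-Split standard permit 203.0.113.10 255.255.255.255",
    "access-list EZ-VPN-Split standard permit 198.51.100.20 255.255.255.255",
    "access-list EZ-VPN-Split standard permit 10.0.0.0 255.0.0.0",
]


def _resolve(tokens, i, groups):
    """Parse one address operand starting at tokens[i].

    Handles 'any', 'host A.B.C.D', 'object-group NAME' and 'A.B.C.D MASK'.
    Returns (list of ip_network objects, index of the next token).
    """
    t = tokens[i]
    if t == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], i + 1
    if t == "host":
        return [ipaddress.ip_network(tokens[i + 1] + "/32")], i + 2
    if t == "object-group":
        return [ipaddress.ip_network(n) for n in groups[tokens[i + 1]]], i + 2
    # plain "ADDRESS MASK" form; ipaddress accepts dotted netmasks
    return [ipaddress.ip_network(f"{t}/{tokens[i + 1]}")], i + 2


def expand_ace(ace, groups=OBJECT_GROUPS):
    """Expand one ACE into the (src, dst) pairs it really represents.

    An extended ACE with a group on each side yields the cross product
    of the two groups, which is the multiplication behind the 51 entries.
    A standard ACE names only the protected network, so it yields one pair
    with an 'any' destination.
    """
    tokens = ace.split()
    if tokens[2] == "standard":
        # access-list NAME standard permit NET MASK
        nets, _ = _resolve(tokens, 4, groups)
        return [(n, ipaddress.ip_network("0.0.0.0/0")) for n in nets]
    # access-list NAME permit ip SRC DST
    srcs, i = _resolve(tokens, 4, groups)
    dsts, _ = _resolve(tokens, i, groups)
    return list(product(srcs, dsts))


def pushed_entries(aces, groups=OBJECT_GROUPS):
    """All split-tunnel entries a client receives from the given ACL."""
    entries = []
    for ace in aces:
        entries.extend(expand_ace(ace, groups))
    return entries


def protected_networks(aces, groups=OBJECT_GROUPS):
    """The distinct ASA-side networks a client actually has to encrypt to."""
    return sorted({src for src, _ in pushed_entries(aces, groups)})


if __name__ == "__main__":
    for label, acl in (("object-group ACE", OBJECT_GROUP_ACL), ("standard ACL", STANDARD_ACL)):
        entries = pushed_entries(acl)
        print(f"{label}: {len(entries)} entries pushed, "
              f"{len(protected_networks(acl))} distinct protected networks")
```

Running the block prints 51 pushed entries for the object-group ACE against 3 for the standard ACL, with the same 3 distinct protected networks in both cases; the difference is purely the cross-product expansion of the two groups.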