USG FLEX 200H: Remote Access VPN (IKEv2) Split Tunnel limited to a single CIDR field

MyForumUser

Hi everyone,

We are currently configuring a Remote Access VPN (IKEv2) on a USG FLEX 200H. While setting up Split Tunneling, we’ve noticed a major limitation compared to the Site-to-Site (S2S) configuration.

In Site-to-Site VPN, the H-series easily allows the selection of multiple subnets. However, in the Remote Access VPN setup, the GUI only provides a single input field that strictly requires a single CIDR notation.

The Issue:
We need our remote clients to access two non-contiguous subnets, for example:

10.10.15.0/24

192.168.95.0/24

The GUI does not seem to accept Address Groups, Objects, or multiple entries (comma-separated). Since these IP ranges are so far apart, Supernetting / CIDR summarization is not a viable solution for us.

My questions:

Why is the Remote Access configuration restricted to a single CIDR field when the S2S implementation allows multiple networks?

Is there a way (perhaps via CLI) to add multiple Traffic Selectors or Local Policies to a single Remote Access Gateway?

Are there plans to allow Address Groups in this field in an upcoming firmware update, to bring it in line with the Site-to-Site capabilities?

Any help or workarounds to get multiple routes pushed to the IKEv2 clients would be greatly appreciated.

Best regards
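
The summarization problem raised in the post, worked through as an added example (not part of the original post, and not Zyxel code): it computes the smallest single CIDR that covers a set of split-tunnel subnets and how many unintended addresses that CIDR would route into the tunnel. The function names `covering_supernet` and `split_tunnel_report` are hypothetical, and the code handles IPv4 only.

```python
import ipaddress

def covering_supernet(cidrs):
    """Return the smallest single IPv4 CIDR containing every network in cidrs."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Every bit position at or below the highest differing bit must be a host bit.
    prefix = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - prefix)) << (32 - prefix)
    return ipaddress.ip_network((base, prefix))

def split_tunnel_report(cidrs):
    """Compare the exact selectors needed against a single-CIDR summary."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    # collapse_addresses merges only adjacent or overlapping networks.
    merged = list(ipaddress.collapse_addresses(nets))
    cover = covering_supernet(cidrs)
    wanted = sum(n.num_addresses for n in merged)
    return {
        "selectors_needed": [str(n) for n in merged],
        "single_cidr": str(cover),
        # Addresses routed into the tunnel that were never meant to be reachable.
        "extra_addresses": cover.num_addresses - wanted,
        # A /0 selector is no longer a split tunnel at all.
        "is_full_tunnel": cover.prefixlen == 0,
    }

if __name__ == "__main__":
    # The two example subnets from the post.
    for key, value in split_tunnel_report(["10.10.15.0/24", "192.168.95.0/24"]).items():
        print(f"{key}: {value}")
```

For the two subnets in the post, the only single CIDR that covers both is `0.0.0.0/0`, so filling the one available field with a summary turns the split tunnel into a full tunnel.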