USG FLEX 200H: Remote Access VPN (IKEv2) Split Tunnel limited to a single CIDR field
Hi everyone,
We are currently configuring a Remote Access VPN (IKEv2) on a USG FLEX 200H. While setting up Split Tunneling, we’ve noticed a major limitation compared to the Site-to-Site (S2S) configuration.
In Site-to-Site VPN, the H-series easily allows the selection of multiple subnets. However, in the Remote Access VPN setup, the GUI only provides a single input field that strictly requires a single CIDR notation.
The Issue:
We need our remote clients to access two non-contiguous subnets, for example:
- 10.10.15.0/24
- 192.168.95.0/24
The GUI does not seem to accept Address Groups, Objects, or multiple entries (comma-separated). Since these IP ranges are so far apart, Supernetting / CIDR summarization is not a viable solution for us.
My questions:
- Why is the Remote Access configuration restricted to a single CIDR field when the S2S implementation allows multiple networks?
- Is there a way (perhaps via CLI) to add multiple Traffic Selectors or Local Policies to a single Remote Access Gateway?
- Are there plans to allow Address Groups in this field in an upcoming firmware update, to bring it in line with the Site-to-Site capabilities?
Any help or workarounds to get multiple routes pushed to the IKEv2 clients would be greatly appreciated.
Best regards
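
Why one CIDR cannot stand in for the two subnets named in the post, as an added example that is not part of the original post: the function computes the smallest single CIDR covering a set of networks and counts the addresses it would send into the tunnel beyond the ones requested. The function names and the second, adjacent pair of subnets are constructed for contrast.

```python
import ipaddress


def covering_supernet(cidrs):
    """Return the smallest single network that contains every CIDR given."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    if not nets:
        raise ValueError("at least one network is required")
    if len({n.version for n in nets}) != 1:
        raise ValueError("cannot mix IPv4 and IPv6 networks")
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    bits = nets[0].max_prefixlen
    # Bits that differ between the lowest and highest address must be host bits.
    host_bits = (lo ^ hi).bit_length()
    prefix = bits - host_bits
    base = (lo >> host_bits) << host_bits
    return ipaddress.ip_network((base, prefix))


def summarize(cidrs):
    """Return (supernet, extra): extra is the number of addresses the supernet
    covers that were not in the requested networks."""
    supernet = covering_supernet(cidrs)
    wanted = ipaddress.collapse_addresses(
        ipaddress.ip_network(c, strict=True) for c in cidrs
    )
    requested = sum(n.num_addresses for n in wanted)
    return supernet, supernet.num_addresses - requested


if __name__ == "__main__":
    cases = {
        "subnets from the post": ["10.10.15.0/24", "192.168.95.0/24"],
        "adjacent subnets (constructed)": ["10.10.14.0/24", "10.10.15.0/24"],
    }
    for label, cidrs in cases.items():
        supernet, extra = summarize(cidrs)
        print(f"{label}: {supernet} covers {extra} unrequested addresses")
```

For the two subnets in the post the only covering prefix is 0.0.0.0/0, which is a full tunnel rather than a split tunnel.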