RA clients receive unnecessary routes

kamilazat — Thu, 13 Jun 2024 06:17:42 GMT

Hi mates!

We noticed that RA clients receive the routes from networks that are excluded from VPN community.

1. We followed sk167000 and

a. Set the value of the "Route all traffic to gateway" parameter to "No".

b. Created a network object (A) for excluded domain

c. We created another network object "Group with Exclusions" (B) and excluded the previous network group (A) from it.

d. Added a network group with exceptions (B) to the Remote Access Community and enabled Hub Mode.

2. While connecting to the VPN, we noticed that the client is receiving routing information from an excluded network group.

I understand that the clients will receive all the routes from all the participating gateways, but it feels a little unsecure knowing that any RA client will know about the networks that they are not supposed to.

Is there a way to prevent RA clients to not receive routing from excluded networks?

We are on Maestro R81.10 Take 139.

Thanks in advance!

Re: RA clients receive unnecessary routes

PhoneBoy — Mon, 17 Jun 2024 16:43:56 GMT

Not sure the exclusions prevent the routes from being received by the client.
This should probably be confirmed with TAC.

topic Re: RA clients receive unnecessary routes in SASE and Remote Access

RA clients receive unnecessary routes

Re: RA clients receive unnecessary routes