VPN routes issue

Jeril_Cherian · ‎2018-10-23

When connected to VPN ( secureclient, office mode), i'm not able to get to internal sites ( RFC private networks) when split tunneling is disabled. So, i added RFC networks to encryption domains and ended up having 300+ routes in client machine. Is there better way to make it possible ? Also why are the routes added in below fashion instead of just one /8 or /12 or /18

----

10.0.0.0 255.255.0.0 10.255.240.2 10.255.240.1 1
10.1.0.0 255.255.252.0 10.255.240.2 10.255.240.1 1
10.1.4.0 255.255.255.252 10.255.240.2 10.255.240.1 1
10.1.4.4 255.255.255.255 10.255.240.2 10.255.240.1 1
10.1.4.5 255.255.255.255 10.255.240.2 10.255.240.1 1
10.1.4.6 255.255.255.254 10.255.240.2 10.255.240.1 1
10.1.4.8 255.255.255.248 10.255.240.2 10.255.240.1 1
10.1.4.16 255.255.255.240 10.255.240.2 10.255.240.1 1
10.1.4.32 255.255.255.224 10.255.240.2 10.255.240.1 1
10.1.4.64 255.255.255.192 10.255.240.2 10.255.240.1 1
10.1.4.128 255.255.255.128 10.255.240.2 10.255.240.1 1
10.1.5.0 255.255.255.0 10.255.240.2 10.255.240.1 1
10.1.6.0 255.255.254.0 10.255.240.2 10.255.240.1 1
10.1.8.0 255.255.248.0 10.255.240.2 10.255.240.1 1
10.1.16.0 255.255.240.0 10.255.240.2 10.255.240.1 1

---

G_W_Albrecht · ‎2018-10-24

Usually, Encryption Domain contains all internal networks behind the GW. Following the CP VPN Admin Guides for configuration, i have never encountered the issue you describe at all...

Jeril_Cherian · ‎2018-10-24

Any idea why routes are added those ways ?

G_W_Albrecht · ‎2018-10-24

Maybe the reason is the way you defined / added it ? Usually, all networks defined as internal are in the Encryption Domain for the site when you choose for VPN Domain to use the Topology information.