I'm running into an issue with Split Tunneling as well. We have pretty much our entire 10.x.x.x network utilized in various test networks. We have a product range that uses 10.10.10.x and 10.10.20.x that we have worked around with a very likely overly complicated allow rule.

The problem crops up when a contractor connected to our network and they used the network range 10.60.100.0/24. I changed our Test Allow rule to a Detailed rule, then denied that range for the contractor role, then allowed the networks for all roles. This isn't working though. Can anyone point out where I went wrong?

Also, if I understand this, I can change the Test policy to use the resources 10.0.0.0/8 and let the detailed rule allow statement handle the mishmash of 10.x.x.x networks that should come across the tunnel.

SA4500 v7.2 r3
The role is set to use Junos Pulse.
Split tunneling is allowed.
Route Precedence is set to Tunnel Route.

Split Tunnel Resource Policy

1. Test
   Detailed Rules (Edit)
   1. Deny 10.60.100.0/24 If: role = 'contractor'
   2. Allow 10.0.0.0/13, 10.8.0.0/16, 10.9.0.0/16, 10.10.0.0/21, 10.10.12.0/23, 10.10.14.0/23, 10.10.16.0/23, 10.10.18.0/23, 10.10.8.0/23, 10.10.11.0/24, 10.10.21.0/24, 10.10.22.0/23, 10.10.24.0/22, 10.10.32.0/19, 10.10.64.0/18, 10.10.128.0/18, 10.10.192.0/18, 10.11.0.0/16, 10.12.0.0/14, 10.16.0.0/12, 10.10.28.0/22, 10.32.0.0/11, 10.64.0.0/10, 10.128.0.0/9 (Details)
   10.0.0.0/13 10.8.0.0/16 10.9.0.0/16 10.10.0.0/21 10.10.12.0/23 10.10.14.0/23 10.10.16.0/23 10.10.18.0/23 10.10.8.0/23 10.10.11.0/24 10.10.21.0/24 10.10.22.0/23 10.10.24.0/22 10.10.32.0/19 10.10.64.0/18 10.10.128.0/18 10.10.192.0/18 10.11.0.0/16 10.12.0.0/14 10.16.0.0/12 10.10.28.0/22 10.32.0.0/11 10.64.0.0/10 10.128.0.0/9
   All roles
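An added example, not part of the original post: a Python audit of the allow list from rule 2 above, showing which parts of 10.0.0.0/8 the list leaves out of the tunnel and which allow entry contains the contractor range 10.60.100.0/24. The function names `gaps` and `covering` are illustrative, and the script only does CIDR arithmetic; it assumes nothing about how the SA evaluates detailed rules.

```python
import ipaddress

# Allow list copied from rule 2 of the "Test" policy in the post above.
ALLOW = """
10.0.0.0/13 10.8.0.0/16 10.9.0.0/16 10.10.0.0/21 10.10.12.0/23 10.10.14.0/23
10.10.16.0/23 10.10.18.0/23 10.10.8.0/23 10.10.11.0/24 10.10.21.0/24
10.10.22.0/23 10.10.24.0/22 10.10.32.0/19 10.10.64.0/18 10.10.128.0/18
10.10.192.0/18 10.11.0.0/16 10.12.0.0/14 10.16.0.0/12 10.10.28.0/22
10.32.0.0/11 10.64.0.0/10 10.128.0.0/9
""".split()


def gaps(allow, supernet="10.0.0.0/8"):
    """Return the sub-ranges of `supernet` that no allow entry covers."""
    remaining = [ipaddress.ip_network(supernet)]
    for net in map(ipaddress.ip_network, allow):
        next_remaining = []
        for block in remaining:
            if net.supernet_of(block):
                continue  # block is fully allowed, nothing left of it
            if block.supernet_of(net):
                # Carve the allowed network out of the uncovered block.
                next_remaining.extend(block.address_exclude(net))
            else:
                next_remaining.append(block)  # disjoint, keep as is
        remaining = next_remaining
    return sorted(ipaddress.collapse_addresses(remaining))


def covering(allow, target):
    """Return the allow entries that fully contain `target`."""
    wanted = ipaddress.ip_network(target)
    return [a for a in allow if ipaddress.ip_network(a).supernet_of(wanted)]


if __name__ == "__main__":
    print("Not tunneled within 10.0.0.0/8:")
    for net in gaps(ALLOW):
        print("  ", net)
    print("Allow entries containing 10.60.100.0/24:",
          covering(ALLOW, "10.60.100.0/24"))
```

Run against the posted list, the only uncovered ranges are the two product networks, and the contractor's /24 sits inside the 10.32.0.0/11 allow entry.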