09-02-2019 12:24 AM
Hi all ,
What is the workaround when you want to assign same IP pool but different access routes to groups or users on the same gateway ?
So let's say that on the gateway I have 2 or more groups like Group1 and Group2 but I have one IP pool to assign IPs when they are connected but in Group2 I want split tunnel and define specific access routes where Group1 I need to have full tunnel ?
I get this : dynamic ip pool overlapping
09-02-2019 01:18 AM
@GeorgiosFakis I haven't tested with 8.0, but in 8.1 and later you can use the "Client IP pool" tap at agent level, which applies to all groups.
09-02-2019 01:32 AM
Yes, that's true , in PAN-OS 8.1 you can do that but in 8.0 you cannot .Looking for a solution on 8.0 before I go to 8.1 next year.
09-02-2019 11:03 PM
Hows about splitting the scope into 2.
or increase mask to /23
default users 192.168.0.10-192.168.0.250
splitvtunnel. 192.168.1.10-192.168.1.250
09-03-2019 12:17 AM
I agree , but I have 32 groups that need split tunneling and I have 9 gateways so it means 9x32=288 subnets
09-03-2019 02:46 AM
OK gotya... but..
I'm not quite sure of what your end result needs to be... does each of your 32 groups require a different split tunnel config.
or would one split tunnel suit all (or most).
09-03-2019 02:49 AM
Each group different split tunnel .I think is one way to go to version 9 .
09-03-2019 04:23 AM
perhaps you are correct but it's killing me why you would need 32 different split tunnel configs ?
09-04-2019 04:35 AM
Because I have 32 set of AD groups that they have different split tunnel networks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
