Reset Search
 

 
Article

KB16725 - What is the maximum number of split tunnel routes per tunnel?

Printable View
« Go Back

Information

 
Last Modified Date6/24/2022 2:54 PM
Synopsis
This article provides information about the maximum number of split tunnel routes per tunnel.
Problem or Goal
Cause
Solution
In 9.1R13 and prior, the Split Tunnel routes limit is 256.
In 9.1R14 and 9.1R15, the Split Tunnel routes limit is 512 for each category of resources viz., IPv4 (512), IPv6 (512) & FQDN (512).
In 9.1R16 / ISAC 22.2R1 and above, the Split Tunnel routes limit is 1024 for each category of resources viz., IPv4 (1024), IPv6 (1024) & FQDN (1024).
In 9.1R17 / ISAC 22.3R1 and above, the Split Tunnel routes limit is 2048 for each category of resources viz., IPv4 (2048), IPv6 (2048) & FQDN (2048).

Note - 
  1. Both PCS / ICS & PDC / ISAC needs to be upgraded to avail of this benefit.
  2. iOS does not support FQDN ST due to its OS limitations.
  3. iOS supports only 1024 IP ST routes due to its OS limitations. Routes beyond the said limit will be dropped. Users may not be able to access the resources beyond 1024 routes.

If a Tunnel exceeds this limit, the Pulse Secure Desktop client will fail to connect (With the below message in the Event logs) until the split tunnel routes are reduced.   
Failed to set Split-Tunneling networks for user XXXXX. There can only be up to a maximum 
of XXX split-tunneling routes applied per VPN tunnel.
The impact of this message is limited to the specific user who exceeds this limit.  

How to reduce the number of split tunnel routes?

The total number of split tunnel routes is calculated by the total number of split tunnel routes for each assigned user role.  For example, user A is assigned may be assigned to multiple roles.  
  • ROLE A (15 split tunnel routes)
  • ROLE B (20 split tunnel routes)
  • ROLE C (10 split tunnel routes)
If user A is assigned to all 3 roles, the total split tunnel routes would be 45 split tunnel routes.  If user A is assigned to ROLE A and ROLE B, then the total split tunnel routes would be 35 split tunnel routes. The administrator should evaluate all user roles the problematic end user is assigned to and consolidate individual split tunnel routes and ports by ranges or eliminate duplicate or unnecessary routes.  

For example:

192.168.1.2, 192.168.1.3, 192.168.1.4 can be converted to 192.168.1.2-192.168.1.4




 

Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255