I have made a VPN from my LAN (behind a PIX 525) to 3 LANs behind a PIX 515. I specified them as 3 separate rules on the IPsec ACL. I moved to 1 rule using a group, as I had already done for the ACL that controls traffic from those 3 LANs to mine. I thought that adding new LANs to the tunnel would be easier, as I would only need to add more LANs to the group used for the tunnel.

I got a refusal from the PIX. It tells me that there is an error in a rule of the ACL applied on the interface where the tunnel terminates. I searched for the group through the entire config file just to see if there is a point where some rules are specified LAN by LAN instead of by that group, but I didn't find anything.

Maybe I need to remove all the references in that ACL, add the other object to the group and then re-apply the ACL? What a silly thing. VPN rules are completely independent from the ACL that permits traffic flowing on the tunnel, so why is the PIX behaving that way?
Alex.
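For readers following the question, here is the two configuration shapes the poster is comparing, written out as an added example that is not from the post or from Cisco documentation. The addresses, names (REMOTE_LANS, VPN_TUNNEL, MYMAP) and crypto-map sequence number are hypothetical placeholders; the example shows only the syntax of the "three rules" form versus the "one rule with an object-group" form in a crypto ACL and makes no claim about whether a given PIX software release accepts the second form.

```text
! Hypothetical addressing: local LAN 192.168.0.0/24 behind the PIX 525,
! remote LANs 10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24 behind the PIX 515.

! Form 1: one crypto ACL entry per remote LAN (what the poster started with)
access-list VPN_TUNNEL permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TUNNEL permit ip 192.168.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TUNNEL permit ip 192.168.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! Form 2: the same traffic selection through a network object-group
! (what the poster changed to; adding a LAN means adding one network-object line)
object-group network REMOTE_LANS
  network-object 10.1.0.0 255.255.255.0
  network-object 10.2.0.0 255.255.255.0
  network-object 10.3.0.0 255.255.255.0
access-list VPN_TUNNEL permit ip 192.168.0.0 255.255.255.0 object-group REMOTE_LANS

! Either form is then referenced from the crypto map as the interesting-traffic ACL
crypto map MYMAP 10 match address VPN_TUNNEL
```

Whichever form is used, a useful check before and after changing the group is `show access-list VPN_TUNNEL`, which lists the ACL as the PIX has actually expanded it, so any entry the firewall rejected or did not expand from the group becomes visible rather than having to be inferred from the running configuration.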