I receive an error stating I can't add multiple services or address to the existing policy VPN. However, when I created a separate policy for the new subnet it shows active up. Why can't I just add the new subnet to the existing VPN rule on both sides? i.e. policy untrust to trust scr 172.16.30.0 dst 10.22.0.0 service any action tunnel is the existing policy. I want to add subnet 10.23.0.0 to this policy. Is this allowed?