The authorization rule order is significant and once a network match is found it stops processing additional rules.
So authorization rule for 10.1.1.0/24 must appear higher in the list than 10.1.0.0/16.
Also for Client B that should have access to the entire 10.1.0.0/16 subnet those users will need to be members of both AD Group A and AD Group B in order for them to get access to 10.1.1.0/24 and the rest of the /16 subnet.
Client VPN Endpoint Authorization rules do not work as I intend toAccepted Answerasked 4 months ago
Issue when creating DMS endpoint to connect with MSK using Mutual TLS authenticationasked a year ago
Does VPN Client endpoint really need authorization rules?asked 10 months ago
Amazon MSK Authentication and Authorizationasked a year ago
Cognito AUTHORIZATION endpoint - Error handlingasked a year ago
AWS Client VPN with OKTAasked 4 months ago
Client VPN Authorization Rulesasked 4 years ago
AppSync authorizationAccepted Answerasked 3 years ago
Authorization code flow with custom UI and Cognitoasked 6 months ago
AWS Client VPN unable to set Authorization Route with Group ID using OktaAccepted Answerasked 10 months ago