Forum Discussion

Hugo_Frauches_2's avatar
Hugo_Frauches_2
Icon for Cirrus rankCirrus
Aug 11, 2017

Access internal DMZ virtual server in SSL VPN

Hello,   I have setup an LAB for learning prupose and i was wondering if its possible to access an internal Virtual Server in the DMZ (Load balance for internal users), i could not achieved this d...
application delivery
BIG-IP
BIG-IP Access Policy Manager (APM)
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Aug 17, 2017

    Hi,

     

    If the internal Virtual Server is HTTP or HTTPs, you may assign an SSO Access profile that allow you to get the username and password of the main Network Access policy.

     

    Then, you can define an LDAP query to filter who can access the VS or not.

     

    Or you can use an irule to control who can access the Virtual Server.

     

    Alternatively, you can define several Lease pool based on different user populatiion and attach an irule to the DNZ Virtual Server allowing access to some lease IP addresses and reject or drop access for some others.

     

    Hope it helps

     

    Yann

     

Hugo_Frauches_2's avatar
Hugo_Frauches_2
Icon for Cirrus rankCirrus
Aug 11, 2017

Adding the sslvpn vlan to the Virtual Server allow me to connect, but i cant retrict access to it, example:

 

APM Policy

 

1) User from group A can access this virtual server.

 

2) User from other groups cant access.

 

This type of control does not work because when i add the vLan the connection isnt retricted at all.