Forum Discussion

Hugo_Frauches_2's avatar
Hugo_Frauches_2
Icon for Cirrus rankCirrus
8 years ago
Solved

Access internal DMZ virtual server in SSL VPN

Hello,   I have setup an LAB for learning prupose and i was wondering if its possible to access an internal Virtual Server in the DMZ (Load balance for internal users), i could not achieved this d...
application delivery
big-ip
BIG-IP Access Policy Manager (APM)
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    8 years ago

    Hi,

     

    If the internal Virtual Server is HTTP or HTTPs, you may assign an SSO Access profile that allow you to get the username and password of the main Network Access policy.

     

    Then, you can define an LDAP query to filter who can access the VS or not.

     

    Or you can use an irule to control who can access the Virtual Server.

     

    Alternatively, you can define several Lease pool based on different user populatiion and attach an irule to the DNZ Virtual Server allowing access to some lease IP addresses and reject or drop access for some others.

     

    Hope it helps

     

    Yann

     

Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
8 years ago

Hi,

 

If the internal Virtual Server is HTTP or HTTPs, you may assign an SSO Access profile that allow you to get the username and password of the main Network Access policy.

 

Then, you can define an LDAP query to filter who can access the VS or not.

 

Or you can use an irule to control who can access the Virtual Server.

 

Alternatively, you can define several Lease pool based on different user populatiion and attach an irule to the DNZ Virtual Server allowing access to some lease IP addresses and reject or drop access for some others.

 

Hope it helps

 

Yann

 

stan_piron's avatar
stan_piron
Icon for Cumulonimbus rankCumulonimbus
8 years ago

I agree with Yann, I had a customer with same issue... Connectivity profile was forgotten in VS VLAN allowed.