Forum Discussion
eric_156978
Cirrus
CirrusAccess Policy Not evaluating when using a VPN tunnel
Hi,
I'm having an issue with a VPN tunnel. The VPN itself is working fine, however, the problem I'm running into is when a VPN user tries to access a virtual server hosted on the same F5 they ar...
The inside VPN tunnel traffic is automatically considered to be part of the user's already authenticated session. You can't run an APM VPN, then get another separate session to the same APM through the same tunnel.
You'll have to think of another way to accomplish your use case. If you can describe it more fully, maybe we can come up with some suggestions.
The inside VPN tunnel traffic is automatically considered to be part of the user's already authenticated session. You can't run an APM VPN, then get another separate session to the same APM through the same tunnel.
You'll have to think of another way to accomplish your use case. If you can describe it more fully, maybe we can come up with some suggestions.
eric_156978Thanks for the info. That makes sense, but is frustrating. The resources I'm trying to get users to are websites that have a lot of different things going on that the access policy controls(login banner, Kerberos mapping, running iRules, selecting pools, etc). They are internally facing only, hence the need for the VPN. The VPN tunnel really needs to have the access policy on it too(ldap user auth, certificate validation, etc). The hurdle I see now is if my VPN is https://vpn.example.com and my web resource is https://site1.example.com, can https://site1.example.com reuse the access policy from https://vpn.example.com or is there a way for it to start a new one?- eric_156978I got it working cleanly. The key point was that any part of the VPN access policy evaluated is available on any other browser session. Once I got that worked out, i created irules that set things up correctly based on the request type. Thanks for the tip!
- Cool, glad to hear it worked out.
- Cool, glad to hear it worked out.
