Forum Discussion

Emilio_27076's avatar
Icon for Nimbostratus rankNimbostratus
Mar 22, 2012

advanced routing (Network Access)

Hi folks,



I made a Network Access policy and included it a lease pool for a vpn service, all clients are working like a charm with this public service, they receive a IP in a lease pool range ( - and they are connecting to our private network with their own ip (no snat).



But now my problem. We tried to ping vpn clients without success and also we need to connect to a TCP port in the vpn client . I would like to know if the community could help me indicating how I can add a advanced routing to redirect INPUT connections in the F5 with destination my vpn range. A tcpdump shows connections to the vpn range but F5 doesn't know what to do with theirs.



A ifconfig output shows the network interface is made in the F5 appliance






policy_vpn Link encap:Ethernet HWaddr 00:00:00:00:00:00


inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link




RX packets:0 errors:0 dropped:0 overruns:0 frame:0


TX packets:0 errors:0 dropped:0 overruns:0 carrier:0


collisions:0 txqueuelen:0


RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)



(more interfaces)



policy_vpn is the network access which I added the lease pool and is used by the virtual service that external clients use to connect to our vpn service



Some information about this issue is welcomed.









4 Replies

  • are you using route domains? If yes, check that the connectivity profile is in the vlan members of your route domain.


  • HI, the issue was solved using a NIC for interface of the VPN and a different NIC for the Virtual server that open the 443 port and makes the VPN through web.


    Bad for the support channel. it could not be solved by them after 2 months working in it. It was solved comparing the configuration with other vpn products in the company.


    I hope the solution helps to others.


    • DannyG_34437's avatar
      Icon for Cirrus rankCirrus
      Hi, I am having the same issue. Can you explain in detail what exactly you did to resolve your problem? I would really appreciate you doing so.. Kind regards, Danny