Feb 12, 2023

APM split tunneling

Hi all

I've configured a network-access VPN and used split tunneling for traffic.

Now, in IPV4 LAN Address Space I added X.X.X.X, and in DNS Address Space I added that linked to the IP.

Knowing that it is a public site, but it's only accessible from my company's local network, that's why I needed split tunneling.

But it's not working, so did I miss something?

  • Could be several things. First thing is to determine if the traffic actually goes to the right place.

    If you try to access the website from a client with the APM client active, do you see traffic for it on the BIG-IP? tcpdump is your friend here.

  • I second boneyard's suggestion to troubleshoot with tcpdump what is going on on the wire. I just wanted to add that when you add to the DNS Address Space list, you are telling your client to make DNS resolution requests for that domain through the tunnel using your internal DNS, so you need to make sure your DNS traffic is allowed to reach your DNS servers. If this is not what you want, you can leave this list empty and rely on public DNS resolution.

    Also, if you use DNS Address Space, make sure when you generate the client package that "DNS Relay Proxy Service" is enabled.