APM spilt tunneling

Question

Hi allI've configured a network-access VPN and used split tunneling for traffic.now in&nbsp;IPV4 LAN Address Space added X.X.X.X and in&nbsp;DNS Address Space added example.com that linked to the IPknowing that example.com is a public site but it's only accessible from my company local network that why i needed split tunneling&nbsp;but it's not working so did I missed something?

boneyard · Answer

Could be several things. First time is to determine if the traffic actually goes to the right place.
If you try to access the website from a client with APM client active do you see traffic for it on the BIG-IP? tcpdump is your friend here.

amine_kadimi · Answer

I second boneyard suggestion to troubleshoot with tcpdump what is going on the wire. I just wanted to add that when you add example.com to the DNS Address Space list you are telling your client to make DNS resolution request for that domain through the tunnel using your internal DNS, so you need to make sure your DNS traffic is allowed to reach your DNS servers. If this is not what you want, you can leave this list empty and rely on public DNS resolution.
Also, if you use DNS Address Sapce, make sure when you generate the client package that "DNS Relay Proxy Service" is enabled

Forum Discussion

APM spilt tunneling

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

About APM spilt tunnel DNS

SSL VPN Split Tunneling and Office 365

DNS Tunnel Mitigation v2

DNS Tunneling Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS