Forum Discussion

MaryV's avatar
MaryV
Icon for Nimbostratus rankNimbostratus
Aug 06, 2019

APM vpn client to virtual server source IP

Hello,

 

when we have APM and LTM provision on the same device and a APM authenticated VPN client tries to connect on an virtual server on the same device, what is expected to be the source IP on the client side connection on the VS? If the one from the lease pool, is it possible to somehow change this to a SNAT IP?

 

Thank you

application delivery
BIG-IP Access Policy Manager (APM)
  • DanS92's avatar
    DanS92
    Aug 08, 2019

    If the VPN connection is a full client connection, the source IP should be the IP that they were assigned by APM.

    If the VPN connection isn't a full client connection, I believe the source IP would be the Self IP of the F5.

     

    You should be able to attach a SNAT Pool to the VS they are connecting to. More info on SNAT here: https://support.f5.com/csp/article/K7820

  • DanS92's avatar
    DanS92
    Icon for Cirrus rankCirrus
    Aug 08, 2019

    If the VPN connection is a full client connection, the source IP should be the IP that they were assigned by APM.

    If the VPN connection isn't a full client connection, I believe the source IP would be the Self IP of the F5.

     

    You should be able to attach a SNAT Pool to the VS they are connecting to. More info on SNAT here: https://support.f5.com/csp/article/K7820

  • MaryV's avatar
    MaryV
    Icon for Nimbostratus rankNimbostratus
    Aug 08, 2019

    Dans92, thanks for the reply. I had totally forgotten about the origin setting on the SNATs and ended up using a small iRule with an address data group which ultimately achieves the same.