For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ShawnC's avatar
ShawnC
Icon for Altostratus rankAltostratus
Oct 27, 2025

APM VPN LDAP POOL can't contact ldap server.

Hi, I have a question regarding APM VPN and LDAP authentication. When I configure the LDAP server using the direct LDAP Server IP, the authentication works fine. However, when I use a Pool with th...
APM
ldap
vpn
Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Oct 28, 2025

What seeting does your LDAP pool has.

Maybe you have define specific port there? For example LDAP but in LDAP auth you choose ldaps?

Usually, at least in ad auth, where you can create a pool directly through ad auth config, the pool actually be created with wildcard port

  • ShawnC's avatar
    ShawnC
    Icon for Altostratus rankAltostratus
    Oct 29, 2025

    The setup uses LDAP on port 389 for everything. It works when configured as a 'direct' connection, but it fails when switching to the 'pool' configuration.

    • Injeyan_Kostas's avatar
      Injeyan_Kostas
      Icon for Nacreous rankNacreous
      Oct 29, 2025

      Have you done a tcpdump to check if the traffic is leaving f5 correctly?

      • ShawnC's avatar
        ShawnC
        Icon for Altostratus rankAltostratus
        Nov 07, 2025

        Using tcpdump, I discovered that when using a pool, port 389 always sends out through other floating IPs.

        The problem was that the interface I needed to route to didn't have a floating IP configured, only its own IP. After configuring it, the connection worked.

        I'm using two machines in HA mode. I found that using Direct routes sends the MGMT, while using Pool routes it sends the floating IP. I tried directly pointing the router to the VLAN, but without a floating IP, the data wasn't sent out at all.

        The conclusion is that a floating IP must be configured. Thank you for your help.