For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ShawnC's avatar
ShawnC
Icon for Altostratus rankAltostratus
Oct 27, 2025

APM VPN LDAP POOL can't contact ldap server.

Hi, I have a question regarding APM VPN and LDAP authentication. When I configure the LDAP server using the direct LDAP Server IP, the authentication works fine. However, when I use a Pool with th...
APM
ldap
vpn
Shyy's avatar
Shyy
Icon for Cirrus rankCirrus
Oct 28, 2025

It shouldn't be any different you're just using a pool instead of directly accessing the ldap.
Only thing I can advise is maybe check that the pool and the member you're using are actually available.
Go to pools search for your ldap  pool and make sure it is green and available.

ShawnC's avatar
ShawnC
Icon for Altostratus rankAltostratus
Oct 29, 2025

I have confirmed that all POOL members are greenlit.

  • Shyy's avatar
    Shyy
    Icon for Cirrus rankCirrus
    Oct 30, 2025

    If the pool is available you should run a tcpdump to see where the traffic is coming from,
    plus look at ltm logs /var/log/ltm once you get the error, might be more information there.

    • ShawnC's avatar
      ShawnC
      Icon for Altostratus rankAltostratus
      Nov 07, 2025

      Using tcpdump, I discovered that when using a pool, port 389 always sends out through other floating IPs.

      The problem was that the interface I needed to route to didn't have a floating IP configured, only its own IP. After configuring it, the connection worked.

      I'm using two machines in HA mode. I found that using Direct routes sends the MGMT, while using Pool routes it sends the floating IP. I tried directly pointing the router to the VLAN, but without a floating IP, the data wasn't sent out at all.

      The conclusion is that a floating IP must be configured. Thank you for your help.